Oracle tech fmw-05-idm-neum-16.04.2010
1 like871 views
Oracle Identity Management improves security, compliance, and efficiency through centralized user provisioning, access management, and audit reporting. It enforces consistent security policies across systems, automates user provisioning and access based on defined roles, and streamlines compliance reporting to reduce costs.
Oracle tech fmw-05-idm-neum-16.04.2010
- 2. Oracle Identity Management: Improving Security and Compliance Duško Vukmanović Senior Sales Consultant
- 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
- 4. More breaches than ever… Data Breach Once exposed, the data is out there – the bell can’t be un-rung PUBLICLY REPORTED DATA BREACHES 400 300 630% Increase 200 100 Total Personally Identifying Information Records Exposed 0 (Millions) 2005 2006 2007 2008 Average cost of a data breach $202 per record Average total cost exceeds $6.6 million per breach Source: DataLossDB, Ponemon Institute, 2009 - http://datalossdb.org http://www.privacyrights.org/ar/ChronDataBreaches.htm
- 5. More threats than ever… 70% attacks originate inside the firewall 90% attacks perpetrated by employees with privileged access
- 6. More regulations than ever… • Federal, state, local, industry…adding more mandates every year! • Need to meet AND demonstrate compliance • Compliance costs are unsustainable ? Report and audit 90% Companies behind in compliance Source: IT Policy Compliance Group, 2007.
- 7. Higher Costs Than Ever… • User Management Costs • User Productivity Costs • Compliance & Remediation Costs • Security Breach Remediation Costs $ It Adds Up
- 8. IdM Delivers Sustainable Compliance • Enforces Segregation of Duties • Restricts Access • Automates access management • Automates compliance reports • Automates attestation
- 9. IdM Centralizes & Strengthens Security • Centralized security and policy management – Consistent policies enforced across enterprise – Accelerated compliance with evolving mandates • Automated provisioning / de-provisioning – Role based user provisioning and de-provisioning – Automated updates triggered by user status change • Single Sign-On, Delegated Administration, Risk- based Access – Reduce password compromises – Delegate policy administration to business owners – Proactively defend against sophisticated security threats
- 10. IdM Streamlines IT Efficiency • Lower Administrative costs – Cost savings via reduced help desk calls – Automated and aggregated audit reporting • Enhanced User Productivity – Reduce time to access systems from days to minutes – Automated provisioning – 212% ROI within 6 months1 • Enhanced IT Productivity – Developers re-use centralized security functions – Accelerated application deployments 1 – Forrester Research Report – TEI Study of Oracle Identity Manager 2008
- 11. Oracle Security Inside Out Database Security • Encryption and Masking • Privileged User Controls • Multi-Factor Authorization • Activity Monitoring and Audit • Secure Configuration Identity Management • User Provisioning • Role Management Information • Entitlements Management • Risk-Based Access Control Infrastructure • Virtual Directories Databases Information Rights Management Applications Content • Document-level access control • All copies, regardless of location (even beyond the firewall) • Auditing and revocation
- 12. Oracle’s Identity Management Comprehensive Suite of Best-Of-Breed Products Identity Admin. Access Management Directory Services Access Manager Identity Manager Internet Directory Adaptive Access Manager Enterprise Single Sign-On Role Manager Virtual Directory Identity Federation Entitlements Server Audit & Compliance Manageability Identity & Access Management Suite Enterprise Manager IdM Pack
- 13. Oracle Identity Administration Sustainable Compliance With High ROI E-Mail Directory Server Databases & OS/Legacy Identity & Role Reconciliation HR Applications Applications Identity Data Other Sources Physical Security
- 14. Role Based User Provisioning Oracle Identity Manager GRANT REVOKE GRANT REVOKE GRANT REVOKE Employee HR System Approval Applications Joins / Departs Workflows • Automate Roles Based Provisioning / Deprovisioning • Identify orphaned accounts • Report on “Who has access to what” • Self-service requests
- 15. Automated De-Provisioning Manual Task Revoked Cell Phone Identity Lifecycle Management Identity Store Terminated HRMS Reconciliation Provisioning Connector Employee Engine Workflow Revoked Applications
- 16. Self Service and Delegated Admin Delegated Admin Self-Service Manager assigning proxy user User doing password reset • Self Service Account Requests • Delegated Administration • Password Reset and Profile Management
- 17. Role Management E-mail App Business Role General Ledger App Assigned Project CRM App Location UK Benefits App • Centralized role management • Role and rule-based provisioning • Map business roles to IT roles & privileges • Multi-dimensional role hierarchies
- 18. Oracle Access Management Suite Centralized Security and Improved Business Agility Kerberos & Basic Auth. Single Sign On Across Enterprise Portals Risk-based Strong Authentication Secure Mutual Authentication Entitlements Management Packaged Apps Standards-based Federation Biometric Custom Apps Smart Card
- 19. Entitlements Management Before After App App Application Oracle Access App App Management Suite App • Hard-coded security policies • Externalized entitlements • Brittle policy management • Agile business policies • Application policy silos • Centralized policy management
- 20. Challenges With Entitlements • Are subject to massive proliferation & “creep” • Need to rely upon lots of context before making a decision • Must work hand-in-hand with your existing Identity Management and Provisioning solutions • Should be consistent across implementations • Policies can and do evolve independently from your application’s requirements • Entitlements implemented inside your application code are hard to change Bottom Line: Changing your policies means changing your applications
- 21. Risk-Based Access Control Oracle Access Management Suite Secure Mutual Risk-Based Authentication Risk Scoring Authorization Device Geography Time Activity • Real time fraud prevention • “Auto Learning” behavior profiling • Pattern and anomaly detection
- 22. Oracle Directory Services Rapid Application Deployment Accelerates IT Agility Any Application Standard LDAP & Java APIs Dynamically binds at Runtime Oracle Virtual Directory Virtualizes Access to Id-Stores Id- Directory Services Mgr. Multiple DBMS Multiple Directories HR Applications Mainframe/Legacy
- 23. Audit And Compliance Features (1/2) • Integrated architecture and data store – High performance – Integrate once for compliance and provisioning – Aggregated audit and compliance data – OOTB process automation integration • Audit data capture – User profile and group history – User membership history – User entitlement history – Attestation review and action history – Form versioning – Workflow task status history
- 24. Audit And Compliance Features (2/2) • Reporting framework – Pluggable and customizable architecture for standard reports – 3rd party reporting tools support – Out-of-the-box reporting DB with 37 reports • Attestation – Entitlement review – User centric and/or application centric reviews – Out-of-the-box delegate and decline processes – Fully integrated to workflow engine • Denial access policy – Prevention of non-compliant accounts and privileges
- 25. Web-Based Attestation 1 Set Up 2 3 Automated Action 4 Report Built Reviewer Is Notified Periodic is taken based on And Results Goes to Self Service Review Periodic Review Stored in DB Reviewer Selections Email What Is Certify Result Reviewed to User ? Automatically Reject Terminate User Who Decline Notify the Reviews It? Process Owner Archive Notify Delegated Delegate Reviewer Attested Data Attestation Actions Start When? How Often? Comments Delegation Paths
- 26. Attestation Certification Data Scheduling 360 Degree View User Attributes Periodic Scheduling Business Glossary Role Memberships Event Based Audit Exceptions Role Based Attestation for On- Historical Data Entitlement Grants Boarding, Transfers & Termination Approval Data Exception Entitlement Attestation Grants Reminders & Escalations Dashboards for Role Definition Compliance Officers Spreadsheet Exports Role Entitlement Closed Loop Mapping Remediation with OIM Integration
- 27. Oracle Security Inside Out Database Security Identity Management Information Rights Management • Document-level access control • All copies, regardless of location (even beyond the firewall) Information • Auditing and revocation Infrastructure Databases Applications Content
- 28. Information Rights Management Securing Data Beyond the Application Applications Seal Distribute Users Oracle IRM Management Console Oracle IRM Desktop Oracle IRM Server Oracle RM Server Automatic sync of rights/audit Business Managers Secure offline Audit cache or IT Admins Oracle Identity Management
- 29. Information Centric Security Solutions Content INFORMATION RIGHTS Centralized Document Revocation (Digital Document Activity Access Control Shredding) Monitoring and Audit MANAGEMENT Applications IDENTITY Identity Directory Access AND ACCESS Administration Services Management MANAGEMENT DATABASE Activity Access Control and Encryption and SECURITY Monitoring Authorization Data Masking Databases
- 30. Investing in Security Pays Off in Sustainable Compliance Enforce Controls ENFORCE • Segregation of duties MONITOR CONTROLS • Access control CONTROLS Monitor Controls • Who accessed what? Oracle • Who changed what? Security Solutions Streamline Processes • Attestation / Recertification Automate Reporting AUTOMATE STREAMLINE • Out-of-the-box REPORTING PROCESSES compliance reports • Customized reports
- 31. Identity Management Market Leader “Oracle is currently the IdM vendor to beat” “Oracle has established itself as Leader.” - Burton VantagePoint 2008: Identity and Privacy Trends - The Forrester Wave: Identity And Access Management, Q1 2008 User Provisioning, H2 2008 Web Access Management, H2 2008 “Oracle assumes the No. 1 position” - Earl Perkins, Perry Carpenter, Aug. 15 2008 (Research G00159740)
- 32. Questions
- 33. For More Information Quote Attribution Title, Company Get Started Resources • Visit the Oracle Fusion Middleware 11g web • Visit the Oracle IdM Website at: site at http://oracle.com/identity http://www.oracle.com/fusionmiddleware11g • Technical information available at: • Oracle Fusion Middleware on oracle.com http://otn.oracle.com/ www.oracle.com/middleware • Talk to an Oracle IdM Specialist: • Oracle Fusion Middleware on OTN 1-800-633-0738 http://otn.oracle.com/middleware • View demos, videos, iseminars whitepapers: http://oracle.com/identity