Upload
others
View
20
Download
0
Embed Size (px)
Citation preview
2/14/2011
1
<Insert Picture Here>
Profiting from Oracle IDM Security
Benjamin MahDirector, Business DevelopmentIdentity Management & Security – Asia Pacific
Success!
2/14/2011
2
What Does IDM Stand For?
I
• Industry Leader: Oracle and Sun integration combines two industry leaders and FY11 will see a major IDM 11g release
2/14/2011
3
Leader in Magic Quadrants
Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
“Oracle moves to the head of the IAM suite vendors”- Roberta Witty & Earl Perkins, Sept. 11 2007 (Research G00151668)
User Provisioning, Sept 2009 User Provisioning, Sept 2010
Market Leader According To
Q1 2008 Q4 2009
Oracle reached the top of our evaluation through a combination of the breadth, depth, interoperability, and packaging of its IAM features alongside the strategy and current state of market execution on its application-centric identity vision.- The Forrester Wave: Identity And Access Management, Q1 2008
2/14/2011
4
Burton Group - Vendor Momentum
Burton Group's Assessment of Vendor Momentum in the IdM Market,
2007
“Oracle is currently the IdM vendor to beat”- VantagePoint 2007: Identity and Privacy Trends in Enterprise IT
Strongest Vendor According To
“Oracle continues to increase in mindshare while broadening its IdM portfolio.”
- VantagePoint 2008: Identity and Privacy Trends in Enterprise IT
2/14/2011
5
What Does IDM Stand For?
D
• Differentiate and Dominate: Complete, end-to-end Oracle Security solution spanning IDM and DB Security products strengthens our positioning and delivers further value to customers and Oracle
Oracle Fusion Middleware
Infrastructure & Management
Database
Middleware
Applications
2/14/2011
6
Oracle Fusion Middleware Industry Leaders Rely on Oracle Fusion Middleware
Aero & DefenseAero & Defense
12 of Top 1212 of Top 12
ChemicalsChemicals
11 of Top 1111 of Top 11
CommunicationsCommunications
20 of Top 2020 of Top 20
AutomotiveAutomotive
20 of Top 2020 of Top 20
Consumer Consumer ProductsProducts
15 of Top 1515 of Top 15
Education & Res.Education & Res.
10 of Top 10 10 of Top 10 Academic UniversitiesAcademic Universities
Financial ServicesFinancial Services
93 of Top 10093 of Top 100
HealthcareHealthcare
25 of Top 2525 of Top 25
Eng. & Eng. & ConstructionConstruction
8 of Top 108 of Top 10
High TechnologyHigh Technology
36 of Top 4036 of Top 40
Results based on Global Fortune 500 list
Oracle Fusion Middleware Industry Leaders Rely on Oracle Fusion Middleware
Industrial MfgIndustrial Mfg
10 of Top 1010 of Top 10
Media/EntertainmeMedia/Entertainmentnt
11 of Top 1111 of Top 11
Natural Natural ResourcesResources
9 of Top 109 of Top 10
Life SciencesLife Sciences
12 of Top 1212 of Top 12
Oil & GasOil & Gas
17 of Top 2017 of Top 20
RetailRetail
37 of Top 4037 of Top 40
Travel & Travel & TransportTransport
20 of Top 2020 of Top 20
Public SectorPublic Sector
1500+ 1500+ OrganizationsOrganizations
UtilitiesUtilities
18 of Top 1918 of Top 19
Professional SvcsProfessional Svcs
5 of Top 55 of Top 5
Results based on Global Fortune 500 list
2/14/2011
7
Dow Jones 30
Fortune 100
29
98
Global Customers90,000
Best of Breed MiddlewareThe Leader in Middleware - The World’s Leading Companies
Oracle Fusion MiddlewareUnrivaled Java Developer & Enterprise Architect Community
• 20,000+ Fusion Middleware Downloads Per Week
• 1.2 Million Members of Community!
• 100 million OTNpage views in FY09
Total C
ommunity M
embers
2/14/2011
8
Financial ServicesFinancial Services Health SciencesHealth Sciences ManufacturingManufacturing Utilities/EnergyUtilities/Energy CommunicationsCommunications
HorizontalHorizontalIdentity Identity
ManagementManagementEducationEducation GovernmentGovernment RetailRetail
Oracle Fusion MiddlewareIndustry Leadership with ISVs
5,000+ ISVs Support 5,000+ ISVs Support 5,000+ ISVs Support 5,000+ ISVs Support Oracle Fusion Oracle Fusion MiddlewareMiddleware
Identity Management Customers
Financial Services
Manufacturing & Technology
Public Sector
Transportation & Services
Telecommunication
Retail
2/14/2011
9
Real Life Total Economic Impact
• Reduced calls to helpdesk for password reset from 85% to 15%
• $750,000 annual savings for helpdesk
• Completed access integration across >1,000 applications within 2 weeks of a major acquisition
• Reduced user on-boarding time from three to four weeks to 3 days
• Removed > 20,000 rogue & orphaned accounts
• Reduced on-boarding time from 26 hours to 30 minutes for 34,000 + student body
• Reduced administrative effort by 90% (5 FTE to ½ FTE) & help desk calls by 40%
What Does IDM Stand For?
M
• Momentum: IDM business has experienced consistent growth, growing customer adoption, strengthened partner landscape. It’s the right time to be selling IDM!
2/14/2011
10
Show me the money
What Does IDM Stand For?
I
• Industry Leader: Oracle and Sun integration combines two industry leaders and FY11 will see a major IDM 11g release
D
• Differentiate and Dominate: Complete, end-to-end Oracle Security solution spanning IDM and DB Security products strengthens our positioning and delivers further value to customers and Oracle
M
• Momentum: IDM business has experienced consistent growth, growing customer adoption, strengthened partner landscape. It’s the right time to be selling IDM!
2/14/2011
11
<Insert Picture Here>
Business Drivers and Positioning
Benjamin MahDirector, Business DevelopmentIdentity Management & Security – Asia Pacific
Cloud Computing Data Centers Virtualization
• VM Sprawl
• Lack of Control & Visibility
• Sophisticated Security Threats
• Unauthorized Access
• Privileged User Access
• Data breaches
A New Era of Information RisksModern IT Trends
2/14/2011
12
Economic & Threat Chaos
More & Stricter Regulations
Customer Centricity
Business Drivers
Cost Savings
• Business Users• “I want a more Simplified, Consistent and Personalized “Anytime,
Anywhere” access to do my job
• “Single username and password ONLY please”
• “What if I forget my password?”
• We need the system to protect our customers from getting their identities stolen and protect their privacy”
Heard These Questions Before?
Business Users
Info Security
and Audit
• Information Security and Audit• “Does this help us in our compliance efforts with ISO27001,
ISO27002, AS/BS7799, PCI……? How about these encryption and hashing algorithms…”
• “This is too risky. We need stronger authentication.”• “Does this provide reports on Who Has (And Had) Access To
What?”
• IT Personnel• “We need a simple and automated way to create users and
manage their profiles”• “Our users and their passwords are everywhere. We have AD,
Sun LDAP, Databases, you name it”• “Sometimes our partners or corporate customers need access to
this, and we have no idea who they are”• “Does this have Single Sign-On?... With the Cloud?”
IT Personnel
2/14/2011
13
Oracle End to End IDM Solution Positioning
Oracle helps you simplify, unify and secure new business challenges [what we do]
by helping you focus on customers, manage and measure complex risk,,
drive regulatory compliance and simplify security processes and across your business. [How we do it]
EXTEND BUSINESS
OUTREACH
BY
Audience:
• CIO
• CTO
• IT Strategy
• Enterprise Architects
…
OPTIMISE CORPORATE
IDENTITY OPERATIONS
Optimize operational
efficiency with flexible
deployment solutions for
successful security
Management.
• self-service, delegated administration
MANAGING RISK AND
COMPLIANCE
• Centralized Policy Management & Reporting
• SoD, User Access Re-certification
• Risk-Based Extranet
• Entitlements Management
Audience:
• CFOs / CSOs …
• Internal Auditors
• External Auditors
Audience:
• IT Operations Head
• System Administrators
• …
SIMPLIFY SECURITY
Audience:
• CEOs / CIOs
• Business Unit Heads
•…
© 2010 Oracle Corporation – Internal Proprietary and Confidential
Extending outreach
via:
a) Social Media
b) Corporate &
Partners
Automate and standardize
core Identity Management
within business processes to
enable business agility and
system rationalization.
Products:
•Oracle Identity Manager
•Oracle Enterprise Single Sign-
On
•Oracle Entitlement Manager
•Oracle Access Manager
Products:
• Oracle Adaptive Access
• Oracle Identity Manager
• Oracle Identity Analytics
• Oracle Entitlement
Manager
•Oracle Information Rights
Management
Products:
•Oracle Directory Plus
•Oracle Virtual Directory
•…
Products:
• Oracle Access Manager
• Oracle Identity Federation
Extend Business OutreachIdentity Federation
Identity Federation is an act of exchange of identity information between two separate entities (domains).
Identity Domain is a self-contained system that manages a repository of identity information about its users.
2/14/2011
14
2
• The ASP business provides application hosting services to tens of
thousands of users that require secure user authentication and access
• Need a way to manage large user identity population and provide self
service capabilities for users
• Needed state of the art security for its hosted applications
Oracle Solution
• Oracle Access Manager allows Amdahl to
more efficiently deploy their ASP service,
allowing them to further scale operations.
•OAM now provides a strong security model
which helps them overcome potential
customer concerns of outsourcing critical
services in an ASP-hosted infrastructure over
the Internet.
Business Challenges
• Delegated administration capability gives
Amdahl customers the ability to manage their
users.
• SSO for customers even as the users
navigates through multiple areas
• Increased efficiency of its administrative
operations
Return On Investment
Case Study – FujitsuSSO
28
Case Study – Macquarie UniversityOIF & Google Apps
• Moving away from Sun JES Suite (Portal, Apps Server, Collaboration) to a new infrastructure as the old one was too inflexible, costly to manage and hard to extend
• Want to move towards Google Apps (Email, Calendar, etc.) to deliver
better collaboration tools for their students at a lower cost, while
requiring seamless and secure authentication experience
Oracle Solution
• Replaced Sun JES Suite with Oracle Portal as their Student Portal, protected by Oracle Single Sign-On and Oracle Internet Directory
• Deployed Oracle Identity Federation to
federate with Google to achieve cross-domain
single sign-on
Business Challenges
• Oracle Identity Federation provides improved end user experience for students while improving security
• Leveraging Oracle Internet Directory for high
availability and scalability
Return On Investment
2/14/2011
15
29
Managing and Measuring RiskIdentity & Access Governance
• Accelerated and Sustainable Compliance Automation
• Segregation of Duties, Access Certification, Closed-loop Compliance
• Actionable Dashboards & Comprehensive Analytics
• Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data
SoD Monitoring
Role Governance
Access Certification
IdentityWarehouse
Dashboard and ReportsIdentity Data Sources
Identity Manager
Access Manager
30
Case Study – Express ScriptsAutomation of Identity Governance
• Express Scripts, Inc. is a pharmacy benefits management company that provides affordable prescription drugs to its clients and member base.
• The company needed to address the following issues: SoX, efficiencies, & help-desk volumes
• ESI had thousands of roles and only 10K employees
Oracle Solution
• OIA & Sun Identity Manager allowed them to reduce headcount substantially in security administration and IT security.
• ESI on-boards over 30% of their organization with Business Roles, which provision directly to the applications
Business Challenges
• RBAC will provide an efficient means of identifying, tracking, and managing who gets access to what, proper delegation, reporting, and resolution of potential issues – identifying a person’s systems access by their job function.
• IdM solution will ensure compliance by automating common tasks and workflows, thereby reducing the possibility of human error in the user access processes.
Return On Investment
2/14/2011
16
31
Device
Geography
Time
Activity
Secure Mutual Authentication
Risk-Based Authorization
• Real time fraud prevention
• “Auto Learning” behavior profiling
• Pattern and anomaly detection
Oracle Access Management Suite
Risk Scoring
Managing and Measuring RiskRisk-Based Access Control
32
• Comprehensive real-time fraud prevention and detection for multifactor authentication across all electronic channels including, Internet, Mobile Banking, IVR, ATM, POS was needed to deal with increasing cross channel fraud
• Compliance with data security and privacy regulations
• Scalability regarding users/customers, channels and companies (countries)
needed to be ensure to accommodate the dynamic nature of EFG Eurobank
Group
Oracle Solution
• OAAM has been purchased in February 2010
• Oracle Adaptive Access Manager to be
implemented in 7 countries namely Bulgaria,
Romania and Serbia, Poland, Turkey, Ukraine and
Cyprus.
• 400, 000 external users are managed by OAAM
• Project won against key competitor IBM who
partnered with Actimize to complete their lack of
product portfolio.
• EFG will be the first Multichannel project of OAAM in EE&CIS to be implemented in heterogeneous e-Banking systems like FlexCube@ (Oracle based) and ESB (IBM based).
• The implementation is scheduled in 2010
• Local partner Singular Logic alongside with Integral (US) will implement. Oracle Consulting is taking over the project
management role
• OAAM will bring the banks Security polices into production based on payment channel oriented rules. This will ensure
customers reputation for secure multi-channel banking and will avoid costs based on real-time fraud prevention and
detection.
Return On Investment
Case Study – EFG Eurobank Secure Multi-Channel Banking
Business Challenges
2/14/2011
17
Secure Content with Information Rights MangementManage Information Beyond Your Firewall
E-Mail Archives
Physical Content
Database
File Servers
Enterprise Applications
Legacy Applications
Use case: Renault F1
Renault F1 sought to protect its technological specifications against competitive espionage. Oracle IRM is delivering:
• Secure access to documents for partners, suppliers and manufacturers
• The ability to revoke users’ rights
• Remote access to data for track-side technicians
• Centrally managed access rights across the globe
• All applications directly store files within the central repository
2/14/2011
18
35
• Automate Provisioning / Deprovisioning
• Role Management
• Identify orphaned accounts
• Report on “Who has access to what”
• Self-service requests
Simplify and Automate SecurityIdentity Administration
HR System ApprovalWorkflows
Employee Joins / Departs
Applications
GRANT
REVOKE
GRANT
REVOKE
GRANT
REVOKE
Oracle Identity Manager
3
Case Study – Royal Bank of Scotland 100% Reduction in Unauthorized Privileges
• Access management for globally distributed, multi-brand, 140,000+
workforce is manual, distributed, and non-standardized
• No one reliable source for “who has access to what”
• Poor identity and role data to enable automation
Oracle Solution
• Implemented OIM and ORM as enterprise
identity management platform
• Implemented automated provisioning and continuous reconciliation to secure critical infrastructure applications
• Replaced legacy role management system and added delegated admin and workflow capabilities
Business Challenges
• Lower costs and improved the speed of
meeting compliance and internal audit
mandates
• 100% reduction in unauthorized privileges, 90% reduction in exceptions and 90% reduction in roles and groups
• Standardized and remove duplicate processes and systems
Return On Investment
2/14/2011
19
3737
LDAP
Active Directory
LDAPSilos
App A
App B
OracleVirtualDirectory
Databases
Optimize Identity OperationsCentralize Identity Data
• Virtual consolidated view of identity silos
• Real-time identity data integration
• Accelerated applications deployment
• Eases pain of directory consolidation
3
• Multiple passwords in different systems were stressing the
support staff
• It was impossible to meet compliance requirements with
passwords in different locations/systems
• Bank needed to maximize investment in Oracle application
platforms
Oracle Solution
• Deployed Oracle Internet Directory and
Directory Integration Platform to
synchronize with MS Active Directory
• Implemented OSSO, EUS and PAM
Authentication to OID
• EUS leveraged by Financials Discoverer,
DBA and ad-hoc client applications.
Business Challenges
• 80% decrease in help-desk calls on
DB and OS password questions
• Able to apply consistent security
policies regardless of systems
• Leveraging AD and WNA to provide
simpler and more productive
environment for end-users
Return On Investment
Case Study – AMTrust BankReduced Help-Desk Calls
2/14/2011
20
Increasing Business Value
Enable Business Growth Increase ROI
��������
��������
��������
��������
$1,290,000 – IT help desk costs
$1,379,000 – Access audit & remediation
$ 562,000 – Security breach avoidance
$ 5,201,000 – Total Savings
$1,970,000 – User provisioning
Illustration: $15B firm with 50,000 users (Source: Forrester Research, 2008)
ROI Payback
212% 6 monthsIncrease Customer Confidence
Enable Business Agility
Securely Enable New Channels
The Most Complete & Integrated Suite
• Unified Install/Configuration
• New Web2.0 UI
• Common Policy Authz Models
• Common Auditing/Reporting
• BPEL-based Workflow
• Shared Services Architecture• Password Management
• Identity Administration
• Single Sign-On
• Strong Authentication
2/14/2011
21
Oracle End to End IDM Solution Positioning
Oracle helps you simplify, unify and secure new business challenges [what we do]
by helping you focus on customers, manage and measure complex risk,,
drive regulatory compliance and simplify security processes and across your business. [How we do it]
EXTEND BUSINESS
OUTREACH
BY
Audience:
• CIO
• CTO
• IT Strategy
• Enterprise Architects
…
OPTIMISE CORPORATE
IDENTITY OPERATIONS
Optimize operational efficiency
with flexible deployment
solutions for successful security
management
MANAGING RISK AND
COMPLIANCE
• Centralized Policy Management
• Centralized Reporting
• Risk-Based Extranet
• Entitlements Management
Audience:
• CFOs / CSOs …
• Internal Auditors
• External Auditors
Audience:
• IT Operations Head
• System Administrators
• …
SIMPLIFY SECURITY
Audience:
• CEOs / CIOs
• Business Unit Heads
•…
© 2010 Oracle Corporation – Internal Proprietary and Confidential
Leveraging on Social
Media e.g.
Facebook/Gmail
platform for
business extension
Automate and standardize core
Identity Management within
business processes to enable
business agility, system
rationalization and rapid
product introduction.
Products:
•Oracle Identity Manager
•Oracle Enterprise Single Sign-
On
•Oracle Entitlement Manager
•Oracle Access Manager
Products:
• Oracle Adaptive Access
• Oracle Identity Manager
• Oracle Identity Analytics
• Oracle Entitlement
Manager
•Oracle Information Rights
Management
Products:
•Oracle Directory Plus
•Oracle Virtual Directory
•…
Products:
• Oracle Access Manager
• Oracle Identity Federation
•…
Start CRANKING !