Oracle Identity And Access Management
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.
Problem Statements
More regulations than ever…
• Federal, state, local, industry…adding more mandates every year!
• Need to meet AND demonstrate compliance
• Compliance costs are unsustainable
Report and audit ?
Source: IT Policy Compliance Group, 2007.
90% Companies behind in compliance
Higher Costs Than Ever…
• User Management Costs
• User Productivity Costs
• Compliance & Remediation Costs
• Security Breach Remediation Costs
It Adds Up$
5 Questions to ask your Chief Information Security Officer
Q: How do you control access to your sensitive applications?
a – Usernames and passwords
b – Contextual authentication and authorization
c – Hardware token
Q: What determines your employee’s access?
a – Give Alice whatever Wally has
b – Base on her business roles
c – Whatever her manager says
Q: Who is the most privileged user in your enterprise?
a – Security administrator
b – CFO
c – The 3-peat summer intern who is now working for your competitor
Q: How secure is your identity data?
a – It is in 18 different secured stores
b – We protect the admin passwords
c – Privacy? We don’t hold credit card numbers
Q: How much are manual compliance controls costing your organization?
a – Nothing, no new headcount
b – Don’t ask
c – Don’t know
Enterprise Applications Today
Customers & Partners
Admins Business Users
• Mix of custom, legacy & packaged applications
• Silo’ed and disjointed security
• Numerous identity stores and policy administration points
• Too many users with privileged access
• Highly evolving and regulated business environment
Next Generation Security Challenges
Auditors & Regulators Identity Thieves
Rogue Employees Privileged Users
Next Generation Security Solutions
Auditors & Regulators Identity Thieves
Rogue Employees Privileged Users
Identity Governance
Fraud Prevention
Entitlement Management
Data-Center Security
Identity Governance
• Attestation of user access is a manual process
• User access does not match their jobs
• Segregation of duties policies not enforced
Identity Theft & External Fraud
• Enterprise brand often used in phishing attacks
• Stolen identity and credit cards used to pay for on-line purchases
• Consumers hesitate to embrace on-line self service due to fear of identity theft
Data Privacy & Internal Fraud
• No fine grained control of data visibility and transaction level access
• Inappropriate or fraudulent use of enterprise IT assets and information services
• Difficult to prove compliance with data privacy and consumer rights regulations
Data Center Security
• Administration of users in hundreds of DB is not scalable
• DBA can see all data, violating data privacy mandates
• Integration of identity infrastructure takes 12 months or longer after an acquisition
Value Propositions
Business Requirements for IT Security
Managing Security & Risk
Increasing Business Value
Sustaining Compliance
Oracle Identity Management: Four C’s of Success
Cost Savings
• Prevents losses from fraud
• Provides low cost Secondary AuthN
• Reduces help desk calls
Compliance
• Cost-effective and future-proof
• HIPAA, SOX, FFIEC, PCI compliance
Client Experience
• Improves and streamlines user experience
• Simplifies application development and deployment
Cross-Channel Security
• End to end capabilities from a single suite
• Protects applications across multiple channels
21 Copyright © 2009, Oracle. All rights reserved
How Can Identity Management Help? Establish Enterprise Identity & Roles
• Consolidate or virtualize multiple, complex identity environments to a single enterprise identity source
• Automate linkage of employee records with user accounts
• Establish enterprise roles for automation, compliance and business continuity
• Eliminate rogue and orphaned accounts
How Can Identity Management Help? Enforce Strong And Granular Security Policies
• Enforce strong password policies via synchronization or single sign-on (SSO)
• Implement strong authentication and risk based authorization for critical apps and web services
• Enforce minimal access rights based on roles, attributes, and requests
• Leverage federation technologies for cross-domain SSO
How Can Identity Management Help? Automate Security Related Processes
• Reduce administration cost and improve service level with delegated administration & self-service
• Implement scalable and dynamic approval workflows leveraging dynamic enterprise role and organization data
• Automate detection of fraudulent activities based on policies
• Role and attribute driven provisioning of applications with exact access levels
How Can Identity Management Help? Define Audit And Control Framework
• Implement automated attestation for entitlements, roles, policies, workflows…
• Implement exception driven process automation
• Implement segregation of duties around roles and entitlements
• Implement automations and controls for management of privileged users
How Can Identity Management Help? Deploy A Scalable Integration Architecture
• Define an enterprise-wide integration standard
• Leverage all integrations through a single interface / application
• Heavily leverage open standards to protect IT investments
• Maximize out-of-the-box integrations across technology stacks: applications, middleware, database and operating systems
How Can Identity Management Help? Security And Control For Enterprise Applications
• Automate user management, manage entitlements, enforce segregation of duties
• Link HR employee data to user accounts
• Integrate application to enterprise directories and portals
• Enforce appropriate and granular level of access control based on application and data being accessed
[Diagram: Procure-To-Pay Process (Issue PO, Accept Shipment, Issue Payment) across Financials, SCM, ERP]
How Can Identity Management Help? Manageability and Security For Databases
• Externalize and centralize authentication and authorization of database users with optional strong authentication
• Centrally manage database users and database roles
• Implement strong control over DBA access
• Automate security management of shared accounts
How Can Identity Management Help? Compliance & Fraud Mgmt. For Financial Services
• Manage Who has access to What, When, How and Why for SOX, FFIEC, GLBA and PCI compliance
• Automate termination and job transfer processes for tight security
• Detect and remediate fraudulent activities against both outside and inside threats
• Enforce segregation of duties and Chinese Wall regulatory mandates
How Can Identity Management Help? Scalable Security And Administration For Retail
• Manage scalable lifecycle management for a highly dynamic and seasonal workforce
• Improve access security for shared terminals such as POS and warehouse terminals
• Enforce segregation of duties across heterogeneous systems such as receiving and payment
• Enable federated access for supply chain partners
How Can Identity Management Help? Guarantee Patient Privacy For Healthcare
• Deploy secured storage and control processes to guard patient’s data privacy
• Deploy audit and control mechanisms to ensure cost effective compliance to HIPAA
• Implement access control to ensure the security of shared workstations for single sign-on and sign-off
• Enable self-service and automated application provisioning for mobile healthcare workers
How Can Identity Management Help? Enable Service Delivery For Local Government
• Provide secured access for residents to government services via strong auth’n, risk based auth’z & safeguarding of identity data
• Enable cost efficient compliance for HIPAA, PCI, etc.
• Streamline management of large & distributed user base via self-service & delegated admin.
• Simplify identity & security integration across dispersed agencies, districts and departments
Oracle and Enterprise Security
Oracle Confidential
Oracle Security Inside Out
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories
Information Rights Management
• Document-level access control
• All copies, regardless of location (even beyond the firewall)
• Auditing and revocation
[Diagram labels: Infrastructure, Databases, Applications, Content, Information]
Information Centric Security Solutions
DATABASE SECURITY
Encryption and Data Masking
Access Control and Authorization
Activity Monitoring
IDENTITY AND ACCESS MANAGEMENT
Identity Administration
Directory Services
Access Management
INFORMATION RIGHTS MANAGEMENT
Centralized Document Access Control
Revocation (Digital Shredding)
Document Activity Monitoring and Audit
[Diagram labels: Databases, Applications, Content]
Oracle and Identity Management
Oracle Identity Management: Commitment to Leadership & Innovation
Innovate
Lead
Build
Acquisition of Sun → OIA, DSEE
Acquisition of BEA → OES
Acquisition of Bharosa → OAAM
Acquisition of Bridgestream → ORM
Identity Governance Framework
1999 2005 2006 2007
Market Leader in Forrester’s IAM Wave
Oracle IdM Eco-system
Oracle eSSO
Leader in Gartner’s UP & WAM Magic Quadrant
Oracle Identity and Access Management Suite
Identity Audit and Compliance offering
Acquisition of OctetString → OVD
Acquisition of Thor → OIM
Acquisition of Oblix → OAM, OIF & OWSM
Acquisition of Phaos → Federation and WS technologies
Oracle Internet Directory
2009 2010
Oracle IdM Key Success Factors
• Acquire best-of-breed products and talents
• Phaos, Oblix, Thor, OctetString, Bharosa, Bridgestream
• Each company had strong technical and management talents
• Integrate BEA and Sun
• Retain and invest
• Still have > 90% retention rate of acquired employees
• Acquired employees hold key mgmt. and technical positions
• Team size grew organically by > 100% post 2005 acquisitions
• Customer focus
• Focus on low TCO architecture
• Focus on customer success
• Focus on long-term customer partnership
IdM Is Strategic To Oracle
• IdM is key security infrastructure for Fusion
• IdM is a key component of the GRC strategy
• Oracle has invested in 7 acquisitions in IdM since 2005
• Oracle has invested heavily in organic growth
• > 500 developers
• > 25 product managers
• > 80 QA
• > 100 support
Products & Partnerships
Oracle’s Identity Management Portfolio
Access Management*
• Access Manager
• Adaptive Access Manager
• Enterprise Single Sign-On
• Identity Federation
• Entitlements Server
Identity Administration
• Identity Manager
Directory Services
• Directory Server EE
• Internet Directory
• Virtual Directory
Identity & Access Governance
• Identity Analytics
Operational Manageability
• Management Pack For Identity Management
Platform Security Services
*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet
5 variations of the suite solution and product slides
Oracle’s Identity Management Portfolio
Access Management
• Authentication & SSO
• Risk-based Authorization
• Federation and STS
• Fine grained entitlements
• Web Services security
Identity Administration
• Identity lifecycle
• Role & Relationship Management
• Provisioning & Reconciliation
• Password management
Directory Services
• LDAP storage
• LDAP synchronization
• Identity virtualization
• OS authentication
Identity & Access Governance
• Audit Reporting Analytics Fraud Forensics Attestation SoD
Operational Manageability
• SLA Performance Configuration Automation Diagnostics Patching
Platform Security Services
Oracle’s Identity Management Suite
Access Management
• Access Manager
• Adaptive Access Manager
• Enterprise Single Sign-On
• Identity Federation + Fedlet
• Entitlements Server
• Web Services Manager
• OpenSSO STS
Identity Admin.
• Identity Manager
Directory Services
• Internet Directory
• Virtual Directory
• Directory Server EE
Identity & Access Governance
• Identity Analytics
Manageability
• Enterprise Manager IdM Pack
Oracle Identity Management
Provisioning & Identity Administration
• Roles-based User Provisioning
• Password Management
• Self Service Request & Approval
Access Management
• Authentication, SSO & Fraud Prevention
• Authorization & Entitlements
• Web Services Security
• Information Rights Management
Directory Services
• LDAP Storage
• Virtualized Identity Access
Identity Analytics
• Reporting Attestation SoD Mining
Platform Security Services
• Identity Services for Developers
Oracle Access Management
• Comprehensive security for applications, data, documents, web services
• End-to-end authentication, single sign-on, and fine grained application protection
• Innovative anomaly detection, transaction security, and secondary authentication
• Extensive 3rd party integrations
Access Management
• Single Platform to Secure Access to Data, Applications and WebServices
• Centralized Session Management to deliver stronger security
• Stronger methods of Authentication including OTP tokens, and KBA
• Enhanced Manageability
• Centralized Server and Agent Administration
• Inline Diagnostics and Troubleshooting
SSO, Authorization & Entitlements
• Pluggable authentication, flexible identity assertion
• Centralized, fine grained policy administration
• Distributed, dynamic access enforcement
• Compliance auditing
Oracle Access Manager
Oracle Access Manager
[Diagram: Oracle Access Manager user authentication. Labels: End User, Authentication, Authentication Decisions, Oracle HTTP Server, OAM Webgate agent, WebLogic Server, Deployed Application, Local User Store, Enterprise User Store, LDAP Authentication, Oracle Internet Directory, User Data, User Synchronization, Directory Integration Platform or Oracle Identity Manager. Notes: Flexibility to use other LDAP servers for Authentication Decisions; Optional with OAM.]
Oracle Identity Federation
[Diagram: Oracle Identity Federation. Labels: IDM infrastructures, Identity Stores, Policy Stores, Cert Stores, AuthN & SSO, Portals, Applications, Fedlet for Service partners, Trade partners, Fedlet for Affiliates, Certificate configuration, Identity Provider discovery, Integration APIs, Account mapping. Protocols: SAML 2.0, WS-Fed, SAML 1.1.]
Fraud Prevention
• Real-time anomaly detection
• Automatically learns patterns
• Knowledge-based and one-time-pin challenges based on risk
• Centralized policy administration, dashboards, investigation/forensics tools
Authentication & Fraud Prevention
• Authentication Security
• Real-time Anomaly Detection
• Proactive Fraud Prevention
• Reporting and forensics
Oracle Adaptive Access Manager
Secure Login
Challenge or Block
Model Risk
Analysis and Forensics
Detect Anomalies
Evaluate transactions
Security for Applications
• Consolidated application security policy
• Enforcement across application and data tiers
• Fine grained controls enable fine grained compliance
• Anomaly and risk based authentication & authorization
Oracle Access Management Suite
Entitlements Management
Before
• Hard-coded security policies
• Brittle policy management
• Application policy silos
After
• Externalized entitlements
• Agile business policies
• Centralized policy management
Entitlements Management
• Complete application security
• Fine-grained entitlements
• Granular enforcement & controls
• Risk aware fine-grained authorizations
Authorization Enforcement
Entitlements Administration
Enforce Access
Distribute Policies
Evaluate Policies
Model Resources
Define Policies
Map Enterprise Entitlements
Application
GRANT
REVOKE
Oracle Entitlements Server
• Centralized policy management, distribution
• Localized policy decisions and enforcement
• Protect any system or business component across heterogeneous platforms
[Diagram labels: OES PAP, OES PDP, App, Audit, policy, LDAP, Enterprise Data]
• Leverage existing identity stores and enterprise data for entitlements decisions
Oracle Web Services Manager
Clients (J2SE, J2EE, .NET)
Web Services Endpoints (J2EE, .NET)
Policy Enforcement Points (PEP)
OWSM Server And Admin Console
Policy Management Monitoring
Gateway Option
Client-Side Agents Option
Server-Side Agents Option (Last-Mile Security)
Extranet Provisioning
• Millions of users and hundreds of organizations but simpler provisioning policies
• User/company registration, account and password management
• Multi-tier delegated administration and compliance reporting
Internet
Delegated admin
Password reset
Self registration
Customers Partners Suppliers
SSO/LDAP
CRM/Billing
Social Networking
User
Organization
Multiple Identity Data Stores
Identity Data
Single View
Oracle Virtual Directory
• Virtual consolidated view of identity silos
• Real-time identity data integration
• Accelerated applications deployment
• Eases pain of directory consolidation
Centralize Identity Data
Scalable, Secured & Agile Infrastructure
LDAP
AD
LDAP
Finance DBA
CRM DBA
Finance
HR
CRM
Centralized Management of DBAs
Integration with Active Directory
SoD for Privileged DBA Access
DBAs
Enterprise User Security
App A
App B
Oracle Virtual Directory
DB Vault
Identity as a Service
Identity Store, Credential Store, and Policy Store Providers
Declarative Security Services
Fusion Apps 3rd Party/Custom Apps Cloud Service Providers
Web Services
Role Mgmt, Directory Svs, ID Admin, Authorization, Authentication, Audit
Access Management, Directory Services, Identity Administration
Federation
Oracle’s Comprehensive IdM Solutions
Info. Sec, Auditor
End Users
Administrator
Reporting & Analytics
Attestation
Segregation of Duties
Fraud Detection
Strong Authentication
Risk Based Authorization
Federation
Self-Service
Identity Admin
Account Admin
Organization Admin
Role Management
Delegated Admin
Business Apps, HR
Provisioning
Reconciliation
Password Mgmt.
WS Security
Directories, DB
LDAP Virtualization
LDAP Storage
LDAP Synchronization
DB User Security
App Server, OS
Java Platform Security
Authentication For Operating Systems
Oracle Identity Management & Security Platform
For More Information
search.oracle.com
or
oracle.com
Identity management