Building a Comprehensive Identity Roadmap

Platform approach-series-building a-roadmap-finalv1


Page 1: Platform approach-series-building a-roadmap-finalv1

Building a Comprehensive Identity Roadmap

Page 2: Platform approach-series-building a-roadmap-finalv1

This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Page 3: Platform approach-series-building a-roadmap-finalv1

Agenda

•  Getting Started

•  Roadmap Complexity

•  Quick Wins

•  Increasing Maturity

•  The Cloud

Page 4: Platform approach-series-building a-roadmap-finalv1

Building a Roadmap is Complicated

It's a Task of Prioritization and Opportunity Overlap

•  Business vs. Application Owners
•  Compliance vs. Risk
•  Multiple Priorities
•  Timeline & Deliverables

Page 5: Platform approach-series-building a-roadmap-finalv1

Assess The Business Opportunity

Compliance, Risk and Economic Opportunities

3X

Scale, Efficiency, Security

•  User Productivity
•  Operational Cost
•  Opportunity Cost

•  New Customers
•  Quality of Service

•  Regulatory Compliance
•  Internal Governance
•  Security Risk

Page 6: Platform approach-series-building a-roadmap-finalv1

Look at Top Regulatory Audit Exposures

•  Orphaned Accounts: Users who have separated still have accounts
•  Excessive Access: Aggregation of access privileges beyond job role
•  Password Aging: Enforcing strong passwords, regular user password reset
•  Access Certification: Review regulated application access and attestation
•  Separation of Duties: Conflicting privileges and business firewall

•  8 out of 10 customers tackle the orphaned account issue first
•  Look at role management and analytics to address certification
•  Role based provisioning to address excessive access

Page 7: Platform approach-series-building a-roadmap-finalv1

Assess Existing Infrastructure

Gap of Current Capability vs. Desired Capability

Administration Authentication Authorization Audit

•  On-boarding

•  Off-boarding

•  Self-service

•  Privileged access

•  Delegated admin

•  Sign-on

•  Password aging

•  Web-SSO

•  Password management

•  Declarative security

•  Fine-grained entitlements

•  Federated access

•  Entitlement review

•  Role lifecycle

•  Access remediation

Page 8: Platform approach-series-building a-roadmap-finalv1

Roadmap Capabilities to Maturity

Prioritize on Complexity and Control

[Chart: capabilities plotted by Complexity (LOW to HIGH) against Control]

•  Master User Index, Central Authentication
•  Single-Sign On, Password Management
•  User Lifecycle, User Self Service
•  Risk Analytics, Role Management, Adaptive Access
•  External Auth, SOA Security

Page 9: Platform approach-series-building a-roadmap-finalv1

Start with Figuring out Who's Who

Corporate Directories are Low Hanging Fruit

Look for Convergence Opportunities

•  Reduce number of separate identity silos
•  Expansion Shared Services vs. LOB IT
•  Compliance and Security Requirements

[Diagram labels: Corporate LDAP; Extranet LDAP; Customer LDAP; LOB; Employees/Partners/Customers; Business Affiliates/Subsidiaries; Virtual; Synch; Storage]

"Convergence drives Unification"

•  Lower TCO
•  Lower Administration Effort
•  Improved User Experience

Page 10: Platform approach-series-building a-roadmap-finalv1

Passwords Provide Quick Win

Quick ROI on Compliance and Reduce Risk

•  86% of hacking involves lost, stolen or weak credentials (Verizon Data Breach Report, 2010)
•  50% of help desk calls are password related
•  $40 average cost of every call to the help desk to change a password
•  140% ROI
•  12 months payback period

Source: ESSO Buyer's Guide, Sep 2011. Link: http://bit.ly/OperantConditioning

Page 11: Platform approach-series-building a-roadmap-finalv1

Address Internal Governance

Administration and Risk Analytics

•  Accountability for access
•  Measuring effectiveness & risk
•  Prevent audit violations
•  Sustainable audit process
•  Coverage across systems

[Diagram labels: User Provisioning; Certification Review]

Page 12: Platform approach-series-building a-roadmap-finalv1

Declarative Security & External Authorization

Secure SOA, Portals, Data and Home Grown Apps

[Diagram labels: App; App; App]

•  Protect Your Data
•  Secure Transactions
•  Central Audit Control
•  SoD Checking
•  Role Based Access

Page 13: Platform approach-series-building a-roadmap-finalv1

Administration: Connect it All

Shopping Cart Convenience

[Diagram labels: Managers; Roles, Entitlements, Apps Catalog; Cart; Users]

•  User Satisfaction
•  Reduce Helpdesk Cost
•  Audit Trail
•  Track Access Privilege
•  Standardize Workflow
•  Simplify New Service Rollout

Page 14: Platform approach-series-building a-roadmap-finalv1

Become Context Aware

Prevent and Detect Anomalous Behavior

89%

Reducing Surface Area of Attacks

Preventable Breaches

Source: “Adaptive Access Management: An ROI Study” a commissioned study conducted by IDC on behalf of Oracle, 2010

•  ROI: 106%
•  Payback period: 12.1 months
•  Total benefits: $6,007,641
•  Total costs: ($2,912,513)
•  Net benefits: $3,095,129

Page 15: Platform approach-series-building a-roadmap-finalv1

Dimensions of Cloud Identity Management

Identity as a Bridge to Cloud

Are you using cloud apps?

Are you building cloud apps?

Do you need IdM but don’t want to maintain it?

Identity as a Foundation for Cloud

Identity Hosted as a Cloud Service

Page 16: Platform approach-series-building a-roadmap-finalv1

Identity Management Bridges the Gap

Identity

Administration Audit

Risk Management

AuthN and AuthZ

Adaptive Access

•  Context / Risk Aware
•  Anomaly Detection
•  Fraud Detection

Access

•  Single-sign on
•  Password policy
•  Authorization policy
•  Entitlements

Scalable Repository

•  Identity Synch
•  Identity Virtualization
•  Reporting

Tools Point Solutions Platform Intelligence

Private In-House Cloud

Private Hosted Cloud

Public Cloud

Administration

•  Role Mgmt
•  Provisioning
•  Identity Analytics
•  Certification

Page 17: Platform approach-series-building a-roadmap-finalv1

Summary

•  Prioritize Based on Complexity

•  Assess Existing Infrastructure

•  Look For Quick Wins

•  Plan For Cloud

Page 18: Platform approach-series-building a-roadmap-finalv1

www.facebook.com/OracleIDM

www.twitter.com/OracleIDM

blogs.oracle.com/OracleIDM

www.oracle.com/Identity