Management - Forum PAarchive.forumpa.it/forumpa2007/convegni/relazioni/405_alberto... · SAP R/3,...
Security and Identity Management
J. Alberto Yépez, Vice President, Oracle Corporation
Agenda
• Corporate Background
• Business Drivers
• Oracle’s Strategy
• Case Studies
• Oracle’s Differentiation
Corporate Background
Strategic Acquisitions
• PeopleSoft / JD Edwards (1/05)
• Retek (4/05)
• ProfitLogic (7/05)
• i-flex (8/05)
• G-Log (9/05)
• TempoSoft (12/05)
• Siebel (1/06)
• 360Commerce (1/06)
• Portal Software (4/06)
• Demantra (6/06)
• Telephony@Work (6/06)
• Metasolv (10/06)
• SPL WorldGroup (11/06)
• Agile Software (5/07)
• TimesTen (06/05)
• TripleHop Technologies (06/05)
• Context Media (07/05)
• Innobase (10/05)
• Sleepycat (2/06)
• IronFlare (5/01)
• TopLink (6/02)
• Collaxa (1/04)
• Phaos Technologies (5/04)
• Oblix (3/05)
• Thor Technologies (11/05)
• OctetString (11/05)
• HotSip (2/06)
• Net4Call (4/06)
• Sigma Dynamics (8/06)
• Sunopsis (10/06)
• Stellent (11/06)
• Hyperion (3/07)
• AppForge, LODESTAR
c.f. http://www.oracle.com/corporate/acquisition.html
Applications 2005
Applications 2006
Database 2005
Database 2006
Middleware <2005
Middleware 2005
Middleware 2006+
Business Drivers
Today’s e-Government IT Challenges
More Responsive
• More accessibility for employees, citizens and business
• Reduce cost, self-service environment
• Faster reaction to changing requirements
More Secured
• Identity theft
• Intellectual property theft
• Organized crime
• Constant global threats
More Compliant
• Increasing regulatory demands
• Increasing privacy concerns
• Global and EU directives
State Of Security In Public Sector
• Incomplete
  • Multiple point solutions from many vendors
  • Disparate technologies that don’t work together
• Complex
  • Repeated point-to-point integrations
  • Mostly manual operations
• ‘Non-compliant’
  • Difficult to enforce consistent set of policies
  • Difficult to measure compliance with those policies
Security Critical To Business Continuity
1996
• Amateur hackers
• Web site defacement
• Viruses
• Infrequent attacks
2007
• Organized crime
• IP theft
• Identity theft
• Privacy
Managing Operational Risks
• Majority of security breaches from within organization
• Fragmented security policies
• Orphaned accounts
• Expired access rights
• Lack of aggregated audit and accountability
• Leaked passwords, social engineering
• Manual provisioning of user accounts requests prone to errors
• IT administrators unaware of organizational and role changes
• Identity theft
Identity Management
Diagram labels: Auditing and Reporting; Workflow and Orchestration; Employees; IT Staff; SOA Applications; Business; External; Delegated Admin; Citizens; Internal
Identity Management Services
Access Management
• Authentication & SSO
• Authorization & RBAC
• Identity Federation
Identity Administration
• Delegated Administration
• Self-Registration & Self-Service
• User Group & Roles Management
Directory Services
• LDAP Directory
• Meta-Directory
• Virtual Directory
Identity Provisioning
• Who, What, When, Where, Why
• Rules and Access Policies
• Integration Framework
Diagram labels: Monitoring and Management; NOS/Directories; OS (Unix); Infrastructure; Applications; ERP; CRM; HR; Mainframe; Physical Assets; Cell Phone; Physical Access
Oracle’s Strategy
Oracle’s IdM Strategy
Databases
Business Intelligence
Business Applications
SOA Applications
Fusion Middleware
Enterprise Manager
Identity & Security
SOA Applications
IdM is part of Fusion Middleware
Oracle’s Identity & Security Strategy
• Complete, unified solution
  • Coherent and comprehensive security
  • “Cross-silo” integrated identity & security
• Application-centric
  • Protecting business processes and web services (SOA)
  • Identity & security as infrastructure, not bolt-on layer
• Hot-pluggable
  • Standards-based
  • Heterogeneous
  • Best-of-breed components as well as integrated IAM suite
Identity & Access Management
Access Control
• Authentication & Authorization
• Single Sign-On
• Federation
• Web Services Security
Identity Administration
• Identity Lifecycle Administration
• Role & Membership Administration
• Provisioning & Reconciliation
• Compliance Automation
Directory Services
• Virtualization
• Synchronization
• Storage
Management
• Service Levels
• Configuration
• Performance
• Automation
Audit & Compliance
• Audit Data
• Attestation
• Segregation of Duties
• Controls
Oracle I&AM Products
Access Control
• Oracle Access Manager
• Oracle Enterprise Single Sign-On
• Oracle Identity Federation
• Oracle Web Services Manager
Identity Administration
• Oracle Identity Manager
Directory Services
• Oracle Virtual Directory
• Oracle Internet Directory (with Directory Integration Platform)
Management
• Oracle Enterprise Manager for Identity Management
Audit & Compliance
• Oracle Identity & Access Management Suite
Complete, Unified Security
• Application security
  • Fine grained access control across applications
  • Integrated with packaged enterprise applications
• Middleware security
  • Comprehensive Identity Services Framework
  • Integrated security with application server and SOA framework
• Data security
  • Data security at rest, in transit and in archive
  • Consolidation of management and security of auditable data
• Physical security
  • Integrated logical and physical security
Data Privacy
Advanced Security
Label Security
Secure Search
Database Vault
Multi-factor DBA Controls
Encrypted Data
Authorized Search
Data Classification
Audit Vault
Monitor, Alert, Consolidate
Content/Record DB
Unstructured Data Mgmt
Ensure Data Privacy at All Levels
Protect from Insider Threat
Safeguard Personally Identifiable Information (PII)
Efficiently and Effectively Meet Regulatory Requirements
Application Centric Security
• Comprehensive security for applications
  • Single sign-on and federated access
  • Fine grain authorization
  • Roles and entitlements management
  • HR and identity management process integration
• Identity Services Framework
  • Identity services as infrastructure
  • Rapid-integration enabled security platform
  • Abstracted identity storage
  • Centralized policy enforcement and compliance monitoring
Oracle IdM-App Integration Offerings
Oracle Application Integrations
• Oracle e-Business Suite
• PeopleSoft
• Siebel
• JD Edwards
• Oracle Retail (H1 2007)
• PeopleSoft Campus (2007)
• Telecom/Portal (2007)
• Oracle Clinical Solutions (2007)
SAP & Other Application Integrations
• SAP R/3, Basis, CUA
• SAP HRMS
• SAP Certification (2007)
• Lawson (2007)
• other tier-2 applications
• SCT Sungard Banner (2007)
• Cerner (2007)
• McKesson (2007)
Features
• Agent-less integration framework
• Application-centric and technology-centric OOTB connectors
• Abstraction of functional layers
• Componentized architecture
• N-tier J2EE architecture
• Deploys on wide range of J2EE application + DB servers
• Highly customizable and extensible
Hot Pluggable & Open Strategy
• Deploy on heterogeneous platforms
  • Application, web, DB, directory servers
  • Operating systems
• Work with competition’s products
  • Business apps, Identity Management, system management
• Leverage open standards
  • Use, drive and innovate
• Standardized on J2EE architecture
Heterogeneous Support
Sample Integrations
Applications
Directories
Application/Web Servers
Operating Systems
Groupware
ACF-2 & TSS
Portals
RACF
Standards Support
• Contribute and lead
  • SSTC (SAML Working Group) - Co-Chair
  • Liberty Alliance - President, Board Member
  • WSS, WS-SX (Web Services Security) - Author
  • SPML - Author
  • XACML – Voting member
• Implement
  • Accelerate product development
  • Simplify product integration & minimize TCO
• Innovate
  • Enable Identity Governance Framework: CARML, AAPML
  • Standards for end-to-end security
Case Studies
BAMF
BUSINESS CHALLENGE
• Have a complex IT environment consisting of multiple data stores
• Need for delegated administration and group management for their applications
• Need for password sync from Active Directory to several OID data stores
ORACLE SOLUTION
• Oracle Access Manager and Identity Manager chosen for 10.000 external & 2000 internal users
• Identity Manager solves problems with:
  • Delegated management of identities
  • Password sync (e.g. with MS AD)
  • Governance compliance
RESULTS
• Reduced administration costs and great user experience around password management
• Efficient account creation and cancellation
• Password sync between OID, AD (leading directory) and Oracle database
• Web Single Sign-On with Application Express apps and J2EE apps
Deutsche Post World Net
BUSINESS CHALLENGE
• With 500,000 employees in more than 220 countries, Deutsche Post World Net operates an extensive IT infrastructure to link all parts of the organization.
• Need to expand metadirectory services with an identity access layer
• Need to simplify user management and meet new security requirements
ORACLE SOLUTION
• Oracle Virtual Directory gives a single LDAP view on user information stored in different systems such as databases, directories, email servers.
• Oracle Virtual Directory is fast to introduce and satisfies new authentication requirements
• Oracle Virtual Directory redirects authentication requests to the DPWN Active Directory or Critical Path directory
RESULTS
• No data synchronization necessary
• No change/modification of existing applications
• Consolidated view on several user stores
• Consolidated view as a central service
Dublin City Council
BUSINESS CHALLENGE
• No single source of user / accounts
• No business processes in place for account creation
• 17 different and very autonomous departments, each with their own IT systems
• No tracking of resource moves between depts
• IT needs to be able to bill other depts accurately for use of resources
ORACLE SOLUTION
• Oracle Identity Manager chosen over Sun, Novell, CA, IBM
• 3500 users. Automated provisioning to MS Active Directory
• Full integrated suite created competitive differentiation
RESULTS
• Expect to lower operational costs by centralizing user administration
• Enable operational efficiency and increase security across application environment
• Establish a platform for automating resource & IT account provisioning processes
Swedish Police
BUSINESS CHALLENGE
• Establish secure and centralized mgt of identities across multiple enterprise directories & applications - incorporation of process workflows
• End users and managers have poor visibility into in-process and completed provisioning workflows
• Protect against locally administered changes to user entitlements directly w/in the target systems
• Poor mgt of user certificates within RSA Keon
ORACLE SOLUTION
• Oracle Identity Manager selected over Novell
• Highly flexible and extensible product
• Superior support for onboarding and analysis mechanisms for orphan account detection
• Support for rollback/undo and escalation
• Mature product with solid architecture
• Flexibility and customizability
RESULTS
• Significant cost avoidance (est. over $1M) for identity synchronization, workflow & administration functionality
• Establishment of automated role & rule-based assignment of access privileges to all managed systems
• Improvement of information quality by centralizing user records and cleaning existing data
• Detailed and easily accessible audit functionality
Banedanmark
BUSINESS CHALLENGE
• Banedanmark, owned by the Danish State, operates the physical network (the rails) and the train traffic in Denmark
• The implementation of a new major portal project initiated a need for an identity management project consolidating and managing employees, contractors, and business partners across the enterprise
ORACLE SOLUTION
• Oracle selected over Microsoft
• Oracle Identity and Access Management Suite
• Identity Manager Connectors to SAP and AD
RESULTS
• First phase will focus on identity clean-up, consolidation, and provisioning using Oracle Identity Manager
• Phase two later this year will start focusing on access management including single sign-on
Scottish Government
BUSINESS CHALLENGE
• Fragmented customer records and no single source of Citizen info across Scottish Govt.
• Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record)
ORACLE SOLUTION
• The Scottish Govt., National Infrastructure Project selected Oracle’s Identity and Access Management Suite beating out Software AG
• Suite will integrate UK Govt. Gateway
• Working with Sopra, Newell and Budge as the prime contract provider
RESULTS
• IAM will authenticate Citizens and Govt. employees when they access the system either via the Council Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal site where the Citizen Account will be running
• Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M Citizens of Scotland where they can change personal details only once across multiple agencies as well as enroll for entitlements
Oracle’s Differentiation
Oracle – The Information Company
Databases
Business Intelligence
Business Applications
SOA Applications
Fusion Middleware
Enterprise Manager
Identity & Security
SOA Applications
Oracle Database Security
30 Years of Innovation
1977 to 2007
• Oracle Audit Vault (Beta)
• Oracle Database Vault
• DB Security Evaluation #19
• Transparent Data Encryption
• EM Configuration Scanning
• Fine Grained Auditing (9i)
• Secure application roles
• Client Identifier / Identity propagation
• Oracle Label Security (2000)
• Proxy authentication
• Enterprise User Security
• Global roles
• Virtual Private Database (8i)
• Database Encryption API
• Strong authentication (PKI, Kerberos, RADIUS)
• Native Network Encryption (Oracle7)
• Database Auditing
• Government customer
Customer Advisory Board
• Quarterly meetings
• Monthly newsletters
• Knowledge sharing
• Roadmap prioritization
• Product design validation
Customer Advisory Board (CAB)
Share, Communicate, Partnership
Industry Recognition
Leader in Enterprise Identity Provisioning
“(Oracle’s) IAM Roadmap looks the best of all vendors”
2006 Gartner UP MQ
“…move Oracle to the shortlist of enterprise customers looking to deploy a full suite of applications with secure identity management capabilities across their ever-changing IT landscapes”(*)
“Oracle can now be viewed as a Premier Provider of Identity and Access Management Technology” **
Leader in Web Access Management
“(Oracle) Access Manager ranks as one of the more fully featured WAM products”
2006 Gartner WAM MQ
Strongest Vendor According To Burton
“Oracle is currently the IdM vendor to beat”
- VantagePoint 2007: Identity and Privacy Trends in Enterprise IT
Partners: ISV Ecosystem
Strong Authentication
Physical Access
Network Access
Role Management
Healthcare
Partners: System Integrators
Key Oracle Differentiators
• Complete suite of best-of-breed products
  • Complete & best integrated identity management suite
  • Includes compliance, virtualization and system management
  • Market leadership validated by press and analysts
• Proven for large scale deployments
  • Large, complex, and award winning deployments
  • Broad customer base and use cases
  • Large referenceable customer base
• Best long-term investment
  • Strong support of open standards and hot-pluggable strategy
  • Pre-integrated with Oracle products – DB, middleware, apps
  • Pre-integrated with over 50 applications and infrastructure
  • Underpins Oracle’s next generation of Fusion Applications