Management - Forum PAarchive.forumpa.it/forumpa2007/convegni/relazioni/405_alberto... · SAP R/3,...

Security and Identity Management

J. Alberto Yépez
Vice President
Oracle Corporation

Agenda

• Corporate Background
• Business Drivers
• Oracle’s Strategy
• Case Studies
• Oracle’s Differentiation

Corporate Background

Strategic Acquisitions

Applications 2005
• PeopleSoft / JD Edwards (1/05)
• Retek (4/05)
• ProfitLogic (7/05)
• i-flex (8/05)
• G-Log (9/05)
• TempoSoft (12/05)

Applications 2006
• Siebel (1/06)
• 360Commerce (1/06)
• Portal Software (4/06)
• Demantra (6/06)
• Telephony@Work (6/06)
• Metasolv (10/06)
• SPL WorldGroup (11/06)
• Agile Software (5/07)

Database 2005
• TimesTen (06/05)
• TripleHop Technologies (06/05)
• Context Media (07/05)
• Innobase (10/05)

Database 2006
• Sleepycat (2/06)

Middleware <2005
• IronFlare (5/01)
• TopLink (6/02)
• Collaxa (1/04)
• Phaos Technologies (5/04)

Middleware 2005
• Oblix (3/05)
• Thor Technologies (11/05)
• OctetString (11/05)

Middleware 2006+
• HotSip (2/06)
• Net4Call (4/06)
• Sigma Dynamics (8/06)
• Sunopsis (10/06)
• Stellent (11/06)
• Hyperion (3/07)
• AppForge, LODESTAR

c.f. http://www.oracle.com/corporate/acquisition.html

Business Drivers

Today’s e-Government IT Challenges

More Responsive
• More accessibility for employees, citizens and business
• Reduce cost, self-service environment
• Faster reaction to changing requirements

More Secured
• Identity theft
• Intellectual property theft
• Organized crime
• Constant global threats

More Compliant
• Increasing regulatory demands
• Increasing privacy concerns
• Global and EU directives

State Of Security In Public Sector

• Incomplete
  • Multiple point solutions from many vendors
  • Disparate technologies that don’t work together

• Complex
  • Repeated point-to-point integrations
  • Mostly manual operations

• ‘Non-compliant’
  • Difficult to enforce consistent set of policies
  • Difficult to measure compliance with those policies

Security Critical To Business Continuity

1996

• Amateur hackers

• Web site defacement

• Viruses

• Infrequent attacks

2007

• Organized crime

• IP theft

• Identity theft

• Privacy

Managing Operational Risks

• Majority of security breaches from within organization
• Fragmented security policies
• Orphaned accounts
• Expired access rights
• Lack of aggregated audit and accountability
• Leaked passwords, social engineering
• Manual provisioning of user accounts requests prone to errors
• IT administrators unaware of organizational and role changes
• Identity theft

Identity Management

Identity Management Services

Access Management
• Authentication & SSO
• Authorization & RBAC
• Identity Federation

Identity Administration
• Delegated Administration
• Self-Registration & Self-Service
• User Group & Roles Management

Directory Services
• LDAP Directory
• Meta-Directory
• Virtual Directory

Identity Provisioning
• Who, What, When, Where, Why
• Rules and Access Policies
• Integration Framework

[Diagram labels: Auditing and Reporting; Workflow and Orchestration; Monitoring and Management. Users (Internal, External): Employees, IT Staff, Business, Citizens, Delegated Admin, SOA Applications. Resources: Applications (ERP, CRM, HR, Mainframe); Infrastructure (NOS/Directories, OS (Unix)); Physical Assets (Cell Phone, Physical Access)]

Oracle’s Strategy

Oracle’s IdM Strategy

[Diagram labels: Databases; Business Intelligence; Business Applications; SOA Applications; Fusion Middleware; Enterprise Manager; Identity & Security]

IdM is part of Fusion Middleware

Oracle’s Identity & Security Strategy

• Complete, unified solution
  • Coherent and comprehensive security
  • “Cross-silo” integrated identity & security

• Application-centric
  • Protecting business processes and web services (SOA)
  • Identity & security as infrastructure, not bolt-on layer

• Hot-pluggable
  • Standards-based
  • Heterogeneous
  • Best-of-breed components as well as integrated IAM suite

Identity & Access Management

Access Control
• Authentication & Authorization
• Single Sign-On
• Federation
• Web Services Security

Identity Administration
• Identity Lifecycle Administration
• Role & Membership Administration
• Provisioning & Reconciliation
• Compliance Automation

Directory Services
• Virtualization
• Synchronization
• Storage

Management: Service Levels, Configuration, Performance, Automation

Audit & Compliance: Audit Data, Attestation, Segregation of Duties, Controls

Oracle I&AM Products

Access Control
• Oracle Access Manager
• Oracle Enterprise Single Sign-On
• Oracle Identity Federation
• Oracle Web Services Manager

Identity Administration
• Oracle Identity Manager

Directory Services
• Oracle Virtual Directory
• Oracle Internet Directory (with Directory Integration Platform)

Management
• Oracle Enterprise Manager for Identity Management

Audit & Compliance
• Oracle Identity & Access Management Suite

Complete, Unified Security

• Application security
  • Fine grained access control across applications
  • Integrated with packaged enterprise applications

• Middleware security
  • Comprehensive Identity Services Framework
  • Integrated security with application server and SOA framework

• Data security
  • Data security at rest, in transit and in archive
  • Consolidation of management and security of auditable data

• Physical security
  • Integrated logical and physical security

Data Privacy

[Diagram labels: Advanced Security; Label Security; Secure Search; Database Vault; Multi-factor DBA Controls; Encrypted Data; Authorized Search; Data Classification; Audit Vault; Monitor, Alert, Consolidate; Content/Record DB; Unstructured Data Mgmt]

• Ensure Data Privacy at All Levels
• Protect from Insider Threat
• Safeguard Personally Identifiable Information (PII)
• Efficiently and Effectively Meet Regulatory Requirements

Application Centric Security

• Comprehensive security for applications
  • Single sign-on and federated access
  • Fine grain authorization
  • Roles and entitlements management
  • HR and identity management process integration

• Identity Services Framework
  • Identity services as infrastructure
  • Rapid-integration enabled security platform
  • Abstracted identity storage
  • Centralized policy enforcement and compliance monitoring

Oracle IdM-App Integration Offerings

Oracle Application Integrations
• Oracle e-Business Suite
• PeopleSoft
• Siebel
• JD Edwards
• Oracle Retail (H1 2007)
• PeopleSoft Campus (2007)
• Telecom/Portal (2007)
• Oracle Clinical Solutions (2007)

SAP & Other Application Integrations
• SAP R/3, Basis, CUA
• SAP HRMS
• SAP Certification (2007)
• Lawson (2007)
• other tier-2 applications
• SCT Sungard Banner (2007)
• Cerner (2007)
• McKesson (2007)

Features
• Agent-less integration framework
• Application-centric and technology-centric OOTB connectors
• Abstraction of functional layers
• Componentized architecture
• N-tier J2EE architecture
• Deploys on wide range of J2EE application + DB servers
• Highly customizable and extensible

Hot Pluggable & Open Strategy

• Deploy on heterogeneous platforms
  • Application, web, DB, directory servers
  • Operating systems

• Work with competition’s products
  • Business apps, Identity Management, system management

• Leverage open standards
  • Use, drive and innovate

• Standardized on J2EE architecture

Heterogeneous Support

Sample Integrations

Applications

Directories

Application/Web Servers

Operating Systems

Groupware

ACF-2 & TSS

Portals

RACF

Standards Support

• Contribute and lead
  • SSTC (SAML Working Group) - Co-Chair
  • Liberty Alliance - President, Board Member
  • WSS, WS-SX (Web Services Security) - Author
  • SPML - Author
  • XACML – Voting member

• Implement
  • Accelerate product development
  • Simplify product integration & minimize TCO

• Innovate
  • Enable Identity Governance Framework: CARML, AAPML
  • Standards for end-to-end security

Case Studies

BAMF

BUSINESS CHALLENGE

• Have a complex IT environment consisting of multiple data stores
• Need of Delegated administration and group management for their applications
• Need of Password Sync from Active Directory to several OID data stores

ORACLE SOLUTION

• Oracle Access Manager and Identity Manager chosen for 10.000 external & 2000 internal users
• Identity Manager solves problems with:
  • Delegated management of identities
  • Password sync (e.g. with MS AD)
  • Governance compliance

RESULTS

• Reduced Administration costs and great user experience around password management
• Efficient Account creation and cancellation
• Password sync between OID, AD (leading directory) and Oracle database
• Web Single Sign-On with Application Express Apps and J2EE Apps

Deutsche Post World Net

BUSINESS CHALLENGE

• With 500,000 employees in more than 220 countries Deutsche Post World Net operates an extensive IT infrastructure to link all parts of the organization.
• Need to expand metadirectory services with an identity access layer
• Simplify the user management and have to meet new security requirements.

ORACLE SOLUTION

• Oracle Virtual Directory gives a single LDAP view on user information stored in different systems such as databases, directories, email servers.
• Oracle Virtual Directory is fast to introduce and satisfies new authentication requirements
• Oracle Virtual Directory redirects authentication requests to the DPWN Active Directory or Critical Path directory

RESULTS

• No data synchronization necessary
• No change/modification of existing applications
• Consolidated view on several user stores
• Consolidated view as a central service

Dublin City Council

BUSINESS CHALLENGE

• No single source of user / accounts
• No business processes in place for account creation
• 17 different and very autonomous Departments, each with their own IT systems
• No tracking of resource moves between depts
• IT needs to be able to bill other dept’s accurately for use of resources

ORACLE SOLUTION

• Oracle Identity Manager chosen over Sun, Novell, CA, IBM
• 3500 users. Automated provisioning to MS Active Directory
• Full integrated suite created competitive differentiation

RESULTS

• Expect to lower operational costs by centralizing user administration
• Enable operational efficiency and increase security across application environment
• Establish a platform for automating resource & IT account provisioning processes

Swedish Police

BUSINESS CHALLENGE

• Establish secure and centralized mgt of identities across multiple enterprise directories & applications - incorporation of process workflows
• End users and managers have poor visibility into in-process and completed provisioning workflows
• Protect against locally administered changes to user entitlements directly w/in the target systems
• Poor mgt of user certificates within RSA Keon

ORACLE SOLUTION

• Oracle Identity Manager selected over Novell
• Highly flexible and extensible product
• Superior support for onboarding and analysis mechanisms for orphan account detection
• Support for rollback/undo and escalation
• Mature product with solid architecture
• Flexibility and customizability

RESULTS

• Significant cost avoidance (est. over $1M) for identity synchronization, workflow & administration functionality
• Establishment of automated role & rule-based assignment of access privileges to all managed systems
• Improvement of information quality by centralizing user records and cleaning existing data
• Detailed and easily accessible audit functionality

Banedanmark

BUSINESS CHALLENGE

• Banedanmark, owned by the Danish State, operates the physical network (the rails) and the train traffic in Denmark
• The implementation of a new major portal project initiated a need for an identity management project consolidating and managing employees, contractors, and business partners across the enterprise

ORACLE SOLUTION

• Oracle selected over Microsoft
• Oracle Identity and Access Management Suite
• Identity Manager Connectors to SAP and AD

RESULTS

• First phase will focus on identity clean-up, consolidation, and provisioning using Oracle Identity Manager
• Phase two later this year will start focusing on access management including single sign-on

Scottish Government

BUSINESS CHALLENGE

• Fragmented customer records and no single source of Citizen info across Scottish Govt.
• Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record)

ORACLE SOLUTION

• The Scottish Govt., National Infrastructure Project selected Oracle’s Identity and Access Management Suite beating out Software AG
• Suite will integrate UK Govt. Gateway
• Working with Sopra, Newell and Budge as the prime contract provider

RESULTS

• IAM will authenticate Citizens and Govt. employees when they access the system either via the Council Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal site where the Citizen Account will be running
• Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M Citizens of Scotland where they can change personal details only once across multiple agencies as well as enroll for entitlements

Oracle’s Differentiation

Oracle – The Information Company

[Diagram labels: Databases; Business Intelligence; Business Applications; SOA Applications; Fusion Middleware; Enterprise Manager; Identity & Security]

Oracle Database Security: 30 Years of Innovation

1977 to 2007

• Oracle Audit Vault (Beta)
• Oracle Database Vault
• DB Security Evaluation #19
• Transparent Data Encryption
• EM Configuration Scanning
• Fine Grained Auditing (9i)
• Secure application roles
• Client Identifier / Identity propagation
• Oracle Label Security (2000)
• Proxy authentication
• Enterprise User Security
• Global roles
• Virtual Private Database (8i)
• Database Encryption API
• Strong authentication (PKI, Kerberos, RADIUS)
• Native Network Encryption (Oracle7)
• Database Auditing
• Government customer

Customer Advisory Board

• Quarterly meetings

• Monthly newsletters

• Knowledge sharing

• Roadmap prioritization

• Product design validation

Customer Advisory Board (CAB): Share, Communicate, Partnership

Industry Recognition

Leader in Enterprise Identity Provisioning

“(Oracle’s) IAM Roadmap looks the best of all vendors”

2006 Gartner UP MQ

“…move Oracle to the shortlist of enterprise customers looking to deploy a full suite of applications with secure identity management capabilities across their ever-changing IT landscapes”(*)

“Oracle can now be viewed as a Premier Provider of Identity and Access Management Technology” **

Leader in Web Access Management

“(Oracle) Access Manager ranks as one of the more fully featured WAM products”

2006 Gartner WAM MQ

Strongest Vendor According To Burton

“Oracle is currently the IdM vendor to beat”- VantagePoint 2007: Identity and Privacy Trends in Enterprise IT

Partners: ISV Ecosystem

• Strong Authentication
• Physical Access
• Network Access
• Role Management
• Healthcare

Partners: System Integrators

Key Oracle Differentiators

• Complete suite of best-of-breed products
  • Complete & best integrated identity management suite
  • Includes compliance, virtualization and system management
  • Market leadership validated by press and analysts

• Proven for large scale deployments
  • Large, complex, and award winning deployments
  • Broad customer base and use cases
  • Large referenceable customer base

• Best long-term investment
  • Strong support of open standards and hot-pluggable strategy
  • Pre-integrated with Oracle products – DB, middleware, apps
  • Pre-integrated with over 50 applications and infrastructure
  • Underpins Oracle’s next generation of Fusion Applications
