Oracle Idm Suite


Transcript of Oracle Idm Suite

Page 1: Oracle Idm Suite


Oracle Identity And Access Management

Page 2: Oracle Idm Suite

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.

Page 3: Oracle Idm Suite


Problem Statements

Page 4: Oracle Idm Suite

More regulations than ever…

• Federal, state, local, industry…adding more mandates every year!

• Need to meet AND demonstrate compliance

• Compliance costs are unsustainable

Report and audit ?

Source: IT Policy Compliance Group, 2007.

90% Companies behind in compliance

Page 5: Oracle Idm Suite

Higher Costs Than Ever…

• User Management Costs

• User Productivity Costs

• Compliance & Remediation Costs

• Security Breach Remediation Costs

It Adds Up$

Page 6: Oracle Idm Suite

5 Questions to ask your Chief Information Security Officer

Page 7: Oracle Idm Suite

Q: How do you control access to your sensitive applications?

a – Usernames and passwords

b – Contextual authentication authorization

c – Hardware token

Page 8: Oracle Idm Suite

Q: What determines your employee’s access?

a – Give Alice whatever Wally has

b – Base on her business roles

c – Whatever her manager says

Page 9: Oracle Idm Suite

Q: Who is the most privileged user in your enterprise?

a – Security administrator

b – CFO

c – The 3-peat summer intern who is now working for your competitor

Page 10: Oracle Idm Suite

Q: How secure is your identity data?

a – It is in 18 different secured stores

b – We protect the admin passwords

c – Privacy? We don’t hold credit card numbers

Page 11: Oracle Idm Suite

Q: How much are manual compliance controls costing your organization?

a – Nothing, no new headcount

b – Don’t ask

c – Don’t know

Page 12: Oracle Idm Suite

Enterprise Applications Today

Customers & Partners

Admins Business Users

• Mix of custom, legacy & packaged applications

• Silo’ed and disjointed security

• Numerous identity stores and policy administration points

• Too many users with privileged access

• Highly evolving and regulated business environment

Page 13: Oracle Idm Suite

Next Generation Security Challenges

Auditors & Regulators Identity Thieves

Rogue Employees Privileged Users

Page 14: Oracle Idm Suite

Next Generation Security Solutions

Auditors & Regulators Identity Thieves

Rogue Employees Privileged Users

Identity Governance

Fraud Prevention

Entitlement Management

Data-Center Security

Page 15: Oracle Idm Suite

Identity Governance

• Attestation of user access is a manual process

• User access does not match their jobs

• Segregation of duties policies not enforced

Page 16: Oracle Idm Suite

Identity Theft & External Fraud

• Enterprise brand often used in phishing attacks

• Stolen identity and credit cards used to pay for on-line purchases

• Consumers hesitate to embrace on-line self service due to fear of identity theft

Page 17: Oracle Idm Suite

Data Privacy & Internal Fraud

• No fine grained control of data visibility and transaction level access

• Inappropriate or fraudulent use of enterprise IT assets and information services

• Difficult to prove compliance with data privacy and consumer rights regulations

Page 18: Oracle Idm Suite

Data Center Security

• Administration of users in hundreds of DB is not scalable

• DBA can see all data, violating data privacy mandates

• Integration of identity infrastructure takes 12 months or longer after an acquisition

Page 19: Oracle Idm Suite


Value Propositions

Page 20: Oracle Idm Suite


Business Requirements for IT Security

Managing Security & Risk

Increasing Business Value

Sustaining Compliance

Page 21: Oracle Idm Suite

Oracle Identity Management

Four C’s of Success

• Prevents losses from fraud

• Provides low cost Secondary AuthN

• Reduces help desk calls

Cost Savings

• Cost-effective and future-proof

• HIPAA, SOX, FFIEC, PCI compliance

Compliance

• Improves and streamlines user experience

• Simplifies application development and deployment

Client Experience

• End to end capabilities from a single suite

• Protects applications across multiple channels

Cross-Channel Security

Copyright © 2009, Oracle. All rights reserved

Page 22: Oracle Idm Suite

How Can Identity Management Help?

Establish Enterprise Identity & Roles

• Consolidate or virtualize multiple, complex identity environments to a single enterprise identity source

• Automate linkage of employee records with user accounts

• Establish enterprise roles for automation, compliance and business continuity

• Eliminate rogue and orphaned accounts


Page 23: Oracle Idm Suite

How Can Identity Management Help?

Enforce Strong And Granular Security Policies

• Enforce strong password policies via synchronization or single sign-on (SSO)

• Implement strong authentication and risk based authorization for critical apps and web services

• Enforce minimal access rights based on roles, attributes, and requests

• Leverage federation technologies for cross-domain SSO

Page 24: Oracle Idm Suite

How Can Identity Management Help?

Automate Security Related Processes

• Reduce administration cost and improve service level with delegated administration & self-service

• Implement scalable and dynamic approval workflows leveraging dynamic enterprise role and organization data

• Automate detection of fraudulent activities based on policies

• Role and attribute driven provisioning of applications with exact access levels

Page 25: Oracle Idm Suite

How Can Identity Management Help?

Define Audit And Control Framework

• Implement automated attestation for entitlements, roles, policies, workflows….

• Implement exception driven process automation

• Implement segregation of duties around roles and entitlements

• Implement automations and controls for management of privileged users

Page 26: Oracle Idm Suite

How Can Identity Management Help?

Deploy A Scalable Integration Architecture

• Define an enterprise-wide integration standard

• Leverage all integrations through a single interface / application

• Heavily leverage open standards to protect IT investments

• Maximize out-of-the-box integrations across technology stacks: applications, middleware, database and operating systems

Page 27: Oracle Idm Suite

How Can Identity Management Help?

Security And Control For Enterprise Applications

• Automate user management, manage entitlements, enforce segregation of duties

• Link HR employee data to user accounts

• Integrate application to enterprise directories and portals

• Enforce appropriate and granular level of access control based on application and data being accessed

[Diagram: Financials, SCM, ERP. Procure-To-Pay Process: Issue PO, Accept Shipment, Issue Payment]

Page 28: Oracle Idm Suite

How Can Identity Management Help?

Manageability and Security For Databases

• Externalize and centralize authentication and authorization of database users with optional strong authentication

• Centrally manage database users and database roles

• Implement strong control over DBA access

• Automate security management of shared accounts


Page 29: Oracle Idm Suite

How Can Identity Management Help?

Compliance & Fraud Mgmt. For Financial Services

• Manage Who has access to What, When, How and Why for SOX, FFIEC, GLBA and PCI compliance

• Automate termination and job transfer processes for tight security

• Detect and remediate fraudulent activities against both outside and inside threats

• Enforce segregation of duties and Chinese Wall regulatory mandates

Page 30: Oracle Idm Suite

How Can Identity Management Help?

Scalable Security And Administration For Retail

• Manage scalable lifecycle management for a highly dynamic and seasonal workforce

• Improve access security for shared terminals such as POS and warehouse terminals

• Enforce segregation of duties across heterogeneous systems such as receiving and payment

• Enable federated access for supply chain partners

Page 31: Oracle Idm Suite

How Can Identity Management Help?

Guarantee Patient Privacy For Healthcare

• Deploy secured storage and control processes to guard patient’s data privacy

• Deploy audit and control mechanisms to ensure cost effective compliance to HIPAA

• Implement access control to ensure the security of shared workstations for single sign-on and sign-off

• Enable self-service and automated application provisioning for mobile healthcare workers

Page 32: Oracle Idm Suite

How Can Identity Management Help?

Enable Service Delivery For Local Government

• Provide secured access for residents to government services via strong auth’n, risk based auth’z & safeguarding of identity data

• Enable cost efficient compliance for HIPAA, PCI, …etc.

• Streamline management of large & distributed user base via self-service & delegated admin.

• Simplify identity & security integration across dispersed agencies, districts and departments

Page 33: Oracle Idm Suite


Oracle and Enterprise Security

Page 34: Oracle Idm Suite

Oracle Confidential

Oracle Security Inside Out

Database Security

• Encryption and Masking

• Privileged User Controls

• Multi-Factor Authorization

• Activity Monitoring and Audit

• Secure Configuration

Identity Management

• User Provisioning

• Role Management

• Entitlements Management

• Risk-Based Access Control

• Virtual Directories

Information Rights Management

• Document-level access control

• All copies, regardless of location (even beyond the firewall)

• Auditing and revocation

[Diagram labels: Databases, Applications, Content, Infrastructure, Information]

Page 35: Oracle Idm Suite

Information Centric Security Solutions

Databases

Applications

DATABASE SECURITY

Encryption and Data Masking

Access Control and Authorization

Activity Monitoring

IDENTITY AND ACCESS MANAGEMENT

Identity Administration, Directory Services

Access Management

INFORMATION RIGHTS MANAGEMENT

Centralized Document Access Control

Revocation (Digital Shredding)

Document Activity Monitoring and Audit

Content

Page 36: Oracle Idm Suite


Oracle and Identity Management

Page 37: Oracle Idm Suite

Oracle Identity Management

Commitment to Leadership & Innovation

Innovate

Lead

Build

Acquisition of Sun → OIA, DSEE

Acquisition of BEA → OES

Acquisition of Bharosa → OAAM

Acquisition of Bridgestream → ORM

Identity Governance Framework

1999 2005 2006 2007

Market Leader in Forrester’s IAM Wave

Oracle IdM Eco-system

Oracle eSSO

Leader in Gartner’s UP & WAM Magic Quadrant

Oracle Identity and Access Management Suite

Identity Audit and Compliance offering

Acquisition of OctetString → OVD

Acquisition of Thor → OIM

Acquisition of Oblix → OAM, OIF & OWSM

Acquisition of Phaos → Federation and WS technologies

Oracle Internet Directory

2009 2010

Page 38: Oracle Idm Suite

Oracle IdM Key Success Factors

• Acquire best-of-breed products and talents

• Phaos, Oblix, Thor, OctetString, Bharosa, Bridgestream

• Each company had strong technical and management talents

• Integrate BEA and Sun

• Retain and invest

• Still have > 90% retention rate of acquired employees

• Acquired employees hold key mgmt. and technical positions

• Team size grew organically by > 100% post 2005 acquisitions

• Customer focus

• Focus on low TCO architecture

• Focus on customer success

• Focus on long-term customer partnership

Page 39: Oracle Idm Suite

IdM Is Strategic To Oracle

• IdM is key security infrastructure for Fusion

• IdM is a key component of the GRC strategy

• Oracle has invested in 7 acquisitions in IdM since 2005

• Oracle has invested heavily in organic growth

• > 500 developers

• > 25 product managers

• > 80 QA

• > 100 support

Page 40: Oracle Idm Suite


Products & Partnerships

Page 41: Oracle Idm Suite

Oracle’s Identity Management Portfolio

Platform Security Services

Access Management*, Identity Administration, Directory Services

Access Manager

Adaptive Access Manager

Enterprise Single Sign-On

Identity Federation

Entitlements Server

Identity Manager Directory Server EE

Internet Directory

Virtual Directory

Identity Analytics

Management Pack For Identity Management

Operational Manageability

Identity & Access Governance

*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet

5 variations of the suite solution and product slides

Page 42: Oracle Idm Suite

Oracle’s Identity Management Portfolio

Platform Security Services

Access Management, Identity Administration, Directory Services

Authentication & SSO

Risk-based Authorization

Federation and STS

Fine grained entitlements

Web Services security

Identity lifecycle

Role & Relationship Management

Provisioning & Reconciliation

Password management

LDAP storage

LDAP synchronization

Identity virtualization

OS authentication

Audit Reporting Analytics Fraud Forensics Attestation SoD

SLA Performance Configuration Automation Diagnostics Patching

Operational Manageability

Identity & Access Governance

*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet


Page 43: Oracle Idm Suite

Internet Directory

Virtual Directory

Directory Server EE

Access Manager

Adaptive Access Manager

Enterprise Single Sign-On

Identity Federation + Fedlet

Entitlements Server

Web Services Manager

OpenSSO STS

Access Management

Identity Manager

Identity Admin. Directory Services

Oracle’s Identity Management Suite

Identity Analytics

Identity & Access Governance

Enterprise Manager IdM Pack

Manageability


Page 44: Oracle Idm Suite

Oracle Identity Management

Provisioning & Identity Administration

Access Management

Directory Services

Roles-based User Provisioning

Password Management

Self Service Request & Approval

Authentication, SSO & Fraud Prevention

Authorization & Entitlements

Web Services Security

Information Rights Management

LDAP Storage

Virtualized Identity Access

Platform Security Services

Identity Analytics

Reporting Attestation SoD Mining Identity Services for Developers


Page 45: Oracle Idm Suite

Oracle Access Management

• Comprehensive security for applications, data, documents, web services

• End-to-end authentication, single sign-on, and fine grained application protection

• Innovative anomaly detection, transaction security, and secondary authentication

• Extensive 3rd party integrations


Page 46: Oracle Idm Suite

Access Management

- Confidential - © 2009 Oracle Corporation


• Single Platform to Secure Access to Data, Applications and Web Services

• Centralized Session Management to deliver stronger security

• Stronger methods of Authentication including OTP tokens, and KBA

• Enhanced Manageability

• Centralized Server and Agent Administration

• Inline Diagnostics and Troubleshooting

Page 47: Oracle Idm Suite

SSO, Authorization & Entitlements

• Pluggable authentication, flexible identity assertion

• Centralized, fine grained policy administration

• Distributed, dynamic access enforcement

• Compliance auditing

Page 48: Oracle Idm Suite

Oracle Access Manager

Oracle Access Manager

User Authentication

Authentication

End User

Authentication Decisions

Oracle Internet Directory

User Data

Directory Integration Platform or Oracle Identity Manager

Oracle HTTP Server

LDAP Authentication

User Synchronization

OAM Webgate agent

Enterprise User Store

Enterprise User Store

Local User Store

Deployed Application

WebLogic Server

Flexibility to use other LDAP servers for Authentication Decisions

Optional with OAM

Page 49: Oracle Idm Suite

Oracle Identity Federation

IDM infrastructures

Identity Stores

Policy Stores

AuthN & SSO

Portals

Applications

Fedlet for

Service partners

Trade partners

Fedlet for

Affiliates

Cert Stores

Certificate configuration

Identity Provider discovery

Integration APIs

Account mapping

Oracle Identity Federation

SAML 2.0, WS-Fed, SAML 1.1

Page 50: Oracle Idm Suite

Fraud Prevention

• Real-time anomaly detection

• Automatically learns patterns

• Knowledge-based and one-time-pin challenges based on risk

• Centralized policy administration, dashboards, investigation/forensics tools

Page 51: Oracle Idm Suite

Authentication & Fraud Prevention

• Authentication Security

• Real-time Anomaly Detection

• Proactive Fraud Prevention

• Reporting and forensics

Oracle Adaptive Access Manager

Secure Login

Challenge or Block

Model Risk

Analysis and Forensics

Detect Anomalies

Evaluate transactions

Page 52: Oracle Idm Suite

Security for Applications

• Consolidated application security policy

• Enforcement across application and data tiers

• Fine grained controls enables fine grained compliance

• Anomaly and risk based authentication & authorization


Page 53: Oracle Idm Suite

Oracle Access Management Suite

App

Entitlements Management

Before After

• Hard-coded security policies

• Brittle policy management

• Application policy silos

• Externalized entitlements

• Agile business policies

• Centralized policy management

Application

App

App

App App

Page 54: Oracle Idm Suite

Entitlements Management

• Complete application security

• Fine-grained entitlements

• Granular enforcement & controls

• Risk aware fine-grained authorizations

Authorization Enforcement

Entitlements Administration

Enforce Access

Distribute Policies

Evaluate Policies

Model Resources

Define Policies

Map Enterprise Entitlements

Application

GRANT

REVOKE

Page 55: Oracle Idm Suite

Oracle Entitlements Server

• Centralized policy management, distribution

• Localized policy decisions and enforcement

• Protect any system or business component across heterogeneous platforms

OES PDP

App

App

App

OES PDP

OES PDP

OES PAP

Audit

Audit

Audit

LDAP

Enterprise Data

policy

policy

policy

• Leverage existing identity stores and enterprise data for entitlements decisions

Page 56: Oracle Idm Suite

Oracle Web Services Manager

Clients: J2SE, J2EE, .NET

Web Services Endpoints (J2EE, .NET)

Policy Enforcement Points (PEP)

OWSM Server And Admin Console

Policy Management Monitoring

Gateway Option

Client-Side Agents Option

Server-Side Agents Option

(Last-Mile Security)

Page 57: Oracle Idm Suite

Extranet Provisioning

• Millions of users and hundreds of organizations but simpler provisioning policies

• User/company registration, account and password management

• Multi-tier delegated administration and compliance reporting

Internet

Delegated admin

Password reset

Self registration

Customers Partners Suppliers

SSO/LDAP

CRM/Billing

Social Networking

User

Organization

Page 58: Oracle Idm Suite

Multiple Identity Data Stores

Identity Data

Single View

Oracle Virtual Directory

• Virtual consolidated view of identity silos

• Real-time identity data integration

• Accelerated applications deployment

• Eases pain of directory consolidation

Centralize Identity Data

Page 59: Oracle Idm Suite

Scalable, Secured & Agile Infrastructure

LDAP

AD

LDAP

Finance DBA

CRM DBA

Finance

HR

CRM

Centralized Management of DBAs

Integration with Active Directory

SoD for Privileged DBA Access

DBAs

Enterprise User Security

App A

App B

Oracle Virtual Directory

DB Vault

Page 60: Oracle Idm Suite

Identity as a Service

Identity Store, Credential Store, and Policy Store Providers

Declarative Security Services

Fusion Apps 3rd Party/Custom Apps Cloud Service Providers

Web Services

Role Mgmt, Directory Svs, ID Admin, Authorization, Authentication, Audit

Access Management, Directory Services, Identity Administration

Federation

Page 61: Oracle Idm Suite

Oracle’s Comprehensive IdM Solutions

Info. Sec, Auditor

End Users

Administrator

Reporting & Analytics

Attestation

Segregation of Duties

Fraud Detection

Strong Authentication

Risk Based Authorization

Federation

Self-Service

Identity Admin

Account Admin

Organization Admin

Role Management

Delegated Admin

Business Apps, HR

Provisioning

Reconciliation

Password Mgmt.

WS Security

Directories, DB

LDAP Virtualization

LDAP Storage

LDAP Synchronization

DB User Security

App Server, OS

Java Platform Security

Authentication For Operating Systems

Oracle Identity Management & Security Platform

Page 62: Oracle Idm Suite

For More Information

search.oracle.com

or

oracle.com

Identity management

Page 63: Oracle Idm Suite