Strategies for Reducing Access Controls Risk
Smart Strategies for Reducing Risk and Improving Compliance
Artur Alves
Solution Architect
Oracle
Copyright © 2011, Oracle. Proprietary
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Agenda
● Factors increasing risk
● Strategies for reducing risk
● Demo
● Case Studies
Video – Too Much Information
What Is Increasing Risk?
● Dynamic User Population
  • Corporate user population is increasingly mobile
  • 85% of all mobile devices are unsecured by IT*
  * Malicious Mobile Threats Report, Juniper Networks 2011
● Complex Regulatory Environment
  • Regulations are increasing world-wide
  • 40% of IT budget is spent on addressing compliance mandates*
  * Forrester Consulting, 2010
● Application Explosion
  • IT spending on SaaS apps projected to increase 5x in 2011*
  • 25 billion app downloads projected for 2011*
  * IDC, Dec 2010
Strategies for Reducing Risk and Improving Compliance
● Analyze Your Risks
● Prioritize Based on Economics and Impact
● Create a Sustainable Program
Risk Score Is Your Priority

| User | Job Role | RACF | Siebel CRM | SharePoint | Last Login | Risk Score |
|---|---|---|---|---|---|---|
| John Doe | Product Manager | Manage Customer | Manage Opportunity | Access Dev Specs | Sep 5 2011 at 9am EST | 95 |
| Jim Harris | Sales Rep | Manage Customer | Manage Opportunity | Change Pricing | Jan 12, 2000 at 10am PDT | 97 |
| Steve Brown | HR Manager | Manage Customer | Manage Opportunity | | Sep 5 2011 at 10am EST from Nigeria | 98 |

Callouts: Excess Access; SoD Violation; Excess Access
Video – Audit Eye
Prioritize based on economics and impact
● Consolidate & Correlate Entitlements
● Automate Identity-based Controls
● Define Enterprise Roles
● Assign Access via Roles
● Monitor & Enforce via Roles
● Access Certification & SoD
● Role Administration & Governance
● Role-based Provisioning
● Activity Monitoring & Entitlements Management
● Build Identity Warehouse
Solution: Create a Sustainable Program

| User | Job Role | RACF | Siebel CRM | SharePoint | Last Login | Risk Score |
|---|---|---|---|---|---|---|
| John Doe | Product Manager | Manage Customer | Manage Opportunity | Access Dev Specs | Sep 5 2011 at 9am EST | 95 |
| Jim Harris | Sales Rep | Manage Customer | Manage Opportunity | Change Pricing | Jan 12, 2000 at 10am PDT | 97 |
| Steve Brown | HR Manager | Manage Customer | Manage Opportunity | | Sep 5 2011 at 10am EST from Nigeria | 98 |

Callouts: Disable Access; Closed Loop Remediation; Disable Access
Oracle Identity Analytics 11g
Rapid and Sustainable Compliance Automation
● Compliance Command Console
  • Actionable Dashboards, Business Reports & Comprehensive Analytics
● Accelerated and Sustainable Compliance Automation
  • Access Certification, IT Audit Policy Monitoring, Closed-loop Remediation, SoD Engine
● Intelligent Role Governance
  • Change Management, Attestation, Consolidation & Audit, Role Mining, Identity Cleansing
● Rich Identity Warehouse
  • Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data
Diagram labels: IT Audit Policy Monitoring; Role Governance; Access Certification; Identity Warehouse; Compliance Command Console; Identity/Access Data Sources; Oracle Identity Manager; Oracle Access Manager
Demo: Oracle Identity Analytics
Access Certification Flow
Oracle Identity Analytics
1. Set Up Periodic Review
  • Who Reviews It?
  • What Is Reviewed?
  • Start When? How Often?
2. Reviewer Is Notified, Goes to Self Service
  • Reviewer Selections: Delegate, Reject, Certify, Decline
  • Comments
3. Automated Action is taken based on Periodic Review
  • Notify Delegated Reviewer
  • Notify the Process Owner
  • Automatically Terminate User
  • Email Result to User
4. Report Built and Results Stored in DB
  • Archive (Audit): Attested Data, Attestation Actions, Delegation Paths
Closed-Loop Provisioning
Oracle Identity Analytics + Oracle Identity Manager
• User provisioning and de-provisioning (after Certification)
• Password reset & self-service account requests
• Delegated administration
• Approval and request workflow
• Compliance reports
Diagram labels:
● Oracle Identity Manager: GRANT or REVOKE on Mainframes, Databases and LDAP, Custom Apps, Enterprise Applications
● Oracle Identity Analytics: Roles, Entitlement Rules, SoD Checks
● Identity Warehouse: Resource Data, Entitlements Data
Case Study: Accelerating ROI
Financial Services Example
COMPANY OVERVIEW
• A global bank with HQ in Europe, presence in NA, Asia and Emerging Markets
• Over 90K employees, > 1000 apps, 500 DBs, 6000 servers, and 1.1 M user accounts
CHALLENGES/OPPORTUNITIES
• SOX Compliance a challenge with over 3.8M actions
• Complex feed from multiple platforms – UNIX, Wintel, DBs
SOLUTION
• Implemented Oracle Identity Analytics (formerly Sun Role Manager)
RESULTS
• 3.8M actions reduced to 26K
• Annual cost reduction = Euro 3.7M
• 90% app SOX certification complete in 1 week, 100% in 2 months. SOX compliant!
• 3 month manual process now takes <2 weeks