Oracle Identity Manager and the Evolution of GRC Practices
There's no getting around it.
I wrote in an earlier post about the rise and decline of the whaling industry in New England. At the start, the point was primarily to feed one's own family from the meat. If you'll recall, much of the early New England colonists' experience with whaling came from harvesting whales that had beached themselves on the shore. Native Americans generously taught the early settlers how to flense the carcasses as they lay on the beach.
In addition to the meat, oil was boiled out of the blubber. This oil was used to burn in lamps for illumination. The only alternative at the time was to read by the light of the hearth fire or by using bundles of soft pinewood that burned hot and clear, but produced a very sooty black smoke. The smoke dirtied all of the interior surfaces of the homes -- and people too!
Early recorded descriptions of the stranded animals tells us that most were "Blackfish." These were also called a number of other names, but are commonly known today as "Pilot Whales." The oil produced by boiling down the blubber made a far superior fuel for lamps than anything previously used.
As the early colonists became more skilled in the production of oil, they became more aggressive about actively pursuing blackfish off the shores of Massachusetts and Rhode Island rather than simply waiting for the occasional beaching. As they went farther out to sea, the whaling industry as we know it was born.
But we're getting a little off the point of the story.
Anyone at all familiar with the story of the American Revolution knows the story of the Boston Tea Party. This was not really a party at all, but rather a flagrant act of defiance of British authority. Parliament had imposed an expensive tea tax on the Colonists who had no representation in Parliament and therefore had no means of appealing the legislation.
However, as it turns out, the independence-minded colonists didn't only object to British rule, but also to that of the Massachusetts Commonwealth's central government. For you see, the colonists living along the shoreline weren't the only ones in Massachusetts to recognize the bounty of the sea that occasionally washed ashore and yielded valuable barrels of oil. The Commonwealth had also recognized this and demanded its "fair" share of any whale that washed up onto town land to help defray the costs of the central government. The Commonwealth share was roughly 30 gallons of oil from each animal. This would be sent to Boston and sold to merchants for shipment to England where it was highly valued. The cost of the supply from the Colonies was much less than from the alternative supplies from other European whalers. The products and natural wealth of the Colonies were seen as the rightful entitlement of the British Empire.
The key qualifier in the rule about owing a portion of the oil to the Commonwealth was that the whale had to be found on town land. In those early days, the shoreline basically fell into three categories: town owned, Native American owned, or unclaimed. How would the local town constable or clerk know if one were to lash a rope to a whale's tail, tow it a hundred yards off shore and down the beach a ways? When the rising tide erased all traces of the stranding (and subsequent towing), there would be no record at all to dispute the ownership of the sea's bounty.
This poaching extended across to Long Island. The New Englanders on the southern coast of what is now Connecticut, Rhode Island, and Massachusetts would regularly sail across the Sound, seize stranded whales on the Long Island beaches, tow them back to their homes and claim them as their own. As you can imagine, this created a very hostile relationship between Long Islanders of New York and the poaching New Englanders. This attitude lives on today between the followers of the respective Boston and New York professional sports teams.
Today, the rules for complying with government regulations are not so simply eluded. To the contrary, we are required to report out increasingly more precise operational details of our business. Who, had access to what data at what period of time and for what purpose? Was that person authorized? Did that person have simultaneous access to data and applications in violation of segregation of duties policies?
Answering these essential questions as demanded by outside auditors has become increasingly more expensive for global companies. Change to business procedures that comes from within an organization in order to meet a strategic objective is relatively inexpensive to achieve. On the other hand, change which is imposed from outside the organization, whether by changing customer needs, competitors' threats, or government regulations is the most expensive for any business to accommodate. That is because these imposed changes do not take into account the existing infrastructure of an organization as a starting point. Rather, they start with the end objective and force us to make systems comply in ways for which they were never designed. This requires that any solution must be rich in its functionality, highly flexible to integrate cleanly with this infrastructure, as well as economical to deploy.
Oracle has spent a good deal of time over the past months listening to our customer requirements for Governance Risk and Compliance (GRC) solutions that are more comprehensive yet easier to deploy and operate. Among other requirements, our customers tell us that they need solutions that provide:
- More functionality for flexible attestation reporting.
- Additional reporting templates to address common audit requirements.
- Graphical workflow design capabilities to more easily construct business rules for provisioning and approvals.
- Updated connector wizards and SPML support to more quickly and easily integrate new compliance functionality into heterogeneous IT infrastructures.
Oracle is pleased to announce the immediate availability of Oracle Identity Manager and invite our customers and prospects to visit here for more information.
As requirements for reporting audits become ever more demanding and sophisticated, our ability to easily assert successful compliance with government requirements will be ever more important to efficient operations. This representation of the quality and discipline of our companies will not only meet these regulated mandates, but will also build a positive reputation for our companies with our business partners and customers. Increasingly, companies will use high quality GRC best practices as competitive differentiators against those who must still rely on manual audit practices.
At Oracle, we listen closely to our customer requirements in one-on-one sessions as well as at public events. As I've participated in our Security Summits over the past weeks, I know that GRC compliance is foremost in our customers' minds and I believe that this new release of Oracle Identity Manager will be welcomed as a valuable product to help companies spend energies on running their business and competing in the global markets and less effort preparing for an audit.
