Monday Apr 29, 2013

Centrica webcast follow up - key takeaways and Q&A

Thank you to everyone that joined us on Thursday, April 25, 2013 for the Centrica webcast.  Chris Wilton, Senior Project Manager at Centrica, and Ben Bulpett from aurioPro SENA were the guest speakers.

If you missed the webcast, you can register for the replay here: Centrica Webcast Replay

Here are a few of the key takeaways that were discussed during the webcast:

Key Business Drivers:

  • Centrica needed to simplify log on to SAP, which is a critical business app
  • Wanted to reduce the number of passwords
  • Wanted to automate password resets
  • Wanted to reduce the number of helpdesk calls
  • Centrica wanted to be able to rapidly deprovision accounts for users that leave the organization

Cenrtrica wanted contingency plans in place should an ESSO outage occur

Centrica and aurionPro SENA used several Oracle products were used to achieve the desired results, some in place before this project.  They include:

Oracle Access Manager (OAM), Oracle Virtual Directory (OVD), Oracle Identity Manager (OIM), and Oracle Identity Federation (OIF)

 The project was completed in 60 days and provided a ESSO capability for HR and Payroll, with the ability to add additional applications in the future.  Over 45,000 internal and external users now have access provided by this system.

Here are some additional questions and answers related to this project:

Who sponsored the project within Centrica?

The project was initially sponsored by the Head of IS Power Generation, due to the number of passwords that Power Station staff were required to remember. However, as the requirement for a truly enterprise solution became more pressing, the sponsorship moved into the SAP Competency Centre.

Why did Centrica embark on another Identity Project after the original implementation?

The initial identity project did not implement federated identity, partially as there was an existing SSO solution within the British Gas business and there was not a requirement for an enterprise solution at the time the original ID project was put in place. Once the requirement was there to look at SSO on an enterprise level, leveraging the existing work that had been done.

How is the system managed and what service levels are required?

The solution is managed by our colleagues in British Gas, with the support element currently being undertaken by Infosys. Availability is as per the main IAM solution, with 99.5% availability and 24x7 support in place. RTO 30mins RPO 15mins

If you were to embark on the project again knowing what you do what would you change?

The intergration with the SAP Netweaver Portal v7.3 was the most challenging part of the project – we were unable to find any other company that had configured SAP Netweaver 7.3 to accept SAML 2 and initially didn’t have the necessary knowledge or resources to be able to implement this to begin with. Through a mix of extensive reading, coupled with trial and error, we were able to integrate the system. Specialist resourcing on the SAP side of things was the biggest lesson we took forward from this.

Wednesday Apr 24, 2013

What is Your Cloud Security Forecast?

Photo courtesy: www.cloudtweaks.com

You don’t like losing control – that is human nature. In your personal life or professional – whether you are an IT architect, a manager, developer, a DBA or an executive, you never like losing control or not knowing a situation or an outcome. But a cloud deployment is exactly that – where you don’t have a 100% control over or insight into the security framework that govern your applications or data in the cloud.

The problem is further exacerbated with latency and fragmentation. If it is not the same security policies that govern your enterprise infrastructure and your cloud deployment, duplicating security policy data in multiple places will complicate policy enforcement. Fragmentation, in turn, creates latency where a change in the system is not detected or acted upon immediately making your cloud systems vulnerable. If, for example, your employee changes jobs, unless the HR system is immediately able to trigger a revocation alert/workflow across all the applications and systems – both in-house and in the cloud, you may have inadvertently allowed unauthorized (and potentially damaging) access to your applications and data.

Of course, then there is audit and compliance. If you are a financial institution your cloud has to provide reporting to address the BASEL 2 requirements or you will incur financial penalties. If your cloud hosts your General Ledger – your cloud has to provide Sarbanes Oxley (SOX) certification. If your customers are in Europe, your cloud has to comply with the European data privacy directive. How do organizations, such as yours, provide timely compliance reporting and remediation if you don’t have visibility or if recent actions aren’t immediately recorded. Fragmentation and latency, thus, impact audit and compliance reporting. Simply put, if you don’t know about it, you can’t accurately report on it.

So, if fragmentation and latency are the issues, a standardized platform must be the antidote! Having a complete, standardized security and identity management platform will allow you to enforce uniform security policies across all your resources – on-premise or hosted. A platform approach implies seamless integration within components thereby getting rid of security and identity silos. A platform approach implies interoperability so that the framework works for your complete heterogeneous infrastructure. A platform approach affords scalability- you can support thousands or millions of users across the myriad of resources. You can scale to what the new digital experience requires!

Thanks to Oracle’s large and advanced customer base, the company realized the rationale for the platform approach to Security and Identity Management early on. Oracle offers the industry’s first Identity Management platform that is proven to be extensible enough to support your internet scale.

Learn more about Oracle’s platform approach to Identity Management and how you can leverage Identity services at internet scale. Download the free whitepaper today.

And for more information and resources, visit Oracle Identity Management on oracle.com today.


Monday Apr 22, 2013

Addressing the Top 5 Cloud Security Challenges

As we talk to organizations around the world, it is clear that most consider Cloud as the biggest opportunity today to reduce cost. To any organization, cloud offers numerous advantages – business agility, reduced operational costs, scalability, improved performance and more. With cloud deployments ranging from private to hybrid to public, the scale of benefits vary but so do the risks.

Going up the cloud continuum from on-premise to private to hybrid and then public cloud, IT’s control and visibility into security policies decreases.

Private clouds give organizations greater control over security and data privacy, compliance, and also quality of service, since private clouds can manage network bandwidth and implement optimizations that public clouds don’t allow. But much like your enterprise, risks arise from privileged access and insider threats. In the public cloud, policies are managed by an outside 3rd party which is the cloud service provider. A shared environment in the public cloud also causes security and compliance concerns. A hybrid cloud, by its very definition, encapsulates both the benefits and the risks of both the private and public clouds.

As we move through the spectrum, security policies get more and more fragmented as we duplicate policy data in multiple places. Consequently, latency also increases and risk increases exponentially. Add to that the compliance and governance issues and it is no wonder that Security continues to be the #1 barrier in cloud adoption. In fact, according to the “Private Cloud Vision vs. Reality”, InformationWeek Report, 2012, 82% of organizations say security and data privacy concerns are one of the main reasons they are phasing out, or have decided to not use, public cloud.

So, where best to focus your efforts so as to leverage cloud without risking security? A recent CSO Online survey of Chief Security officers found that the top 5 security concerns for cloud were all related to mobile data access, regulatory compliance and managing access to the data and the applications i.e., Identity Management.

Organizations that move applications into the cloud have to bridge the gap between the enterprise and the cloud by providing standardized security framework around data security and application access. Take some time to watch this brief screencast and learn how you can manage security risks, address governance issues while unlocking the full potential of the cloud.


Thursday Apr 18, 2013

Centrica drives down operational cost by implementing Single Sign On using Oracle IDM

Centrica Plc is an integrated energy company operating in 7 countries including the U.K. and U.S. that supplies electricity and gas for 30 million consumer and business customers.

In an effort to drive down operational costs due to password resets for their critical business applications, Centrica engaged aurionPro SENA to help them explore the most cost effective options.

The project goals were to:

  • simplify user log on to SAP
  • reduce the number of passwords
  • automate password resets
  • reduce the number of help desk calls (related to password issues)

To find out more about the Enterprise Single Sign on system designed and implemented for this project, join us on April 25, 2013 @ 10:00 am PST for a webcast featuring Chris Wilton, Senior Project Manager at Centrica, Ben Bulpett, Alliances and Enterprise Account Director at aurionPro SENA, and myself (Darin Pendergraft, Product Marketing, Oracle)

We will discuss the project and will have an opportunity for live Q&A.

Click Here to Register! 

Tuesday Apr 16, 2013

5th Annual EMEA Customer Advisory Board held in Vienna, March 18 - 20, 2013

This year the EMEA Customer Advisory Board (CAB) was held in the beautiful city of Vienna, Austria.  Representatives from Oracle product management and engineering teams met with customers from all over Europe to discuss market trends, product direction, and to get feedback on current products.

Day 1 focused on updates since the last CAB meeting, including the launch of 11gR2, the state of the IDM business, and featured updates from the Directory Team, the Access Management Team and the Identity Governance team.

Day 2 contained moderated discussions focusing on Mobile Identity Management, Cloud Identity Management, and Enterprise IDM.  The first of three customer presentations was delivered by Vodafone Romania who discussed how they are using Oracle IDM.

Day 3 contained customer presentations by BT and Turkcell, followed by breakout sessions, on topics ranging from risk management to upgrade & migration strategies.

Overall, this CAB was a very big success, and proved beneficial to both the Oracle Product Teams who collected valuable feedback from customers, and for customers to hear directly from the product teams about upcoming product road maps and direction.  Several customers also mentioned that they really enjoyed hearing about other customers' implementations and plans.

Thank you to all that attended, and a special thank you to those customers that presented! 

Friday Apr 05, 2013

Yarra Valley Water utilizes Oracle Identity Management

Yarra Valley Water (YVW) is the largest of Melbourne’s three water retail businesses. Owned by the State Government of Victoria (Australia), YVW provides water supply and sewerage services to over 1.7 million people and over 50,000 businesses in Melbourne’s northern and eastern suburbs, including some recycled water and trade waste customers.

YVW needed to automate account provisioning for both its partners and end users so that they have easy yet secure online access to YVW applications. Check out this video to find out more about YVW’s use case and how Oracle Identity Management helped.

Sunday Mar 31, 2013

Authentication and Authorization Problem in Cyprus

If you are following the Cyprus bailout story, you will sympathize with the extraordinary situation faced by Cypriots coping with unprecedented banking regulation. Faced with a risk of capital outflow, the government placed limits on domestic and foreign currency transactions. After the restrictions were lifted, it was discovered that there were loopholes that allowed withdrawals from subsidiary banks in London where the controls were not enforced. For controls to work they have to be consistent. The limits are very specific and very difficult to enforce. As institutions and governments try to apply fiscal or regulatory controls over large groups of people, the controls are only as effective as the identity management capabilities of the institution. The problem is latency. The longer it takes for an endpoint or in this case a bank subsidiary to get updated, the more security risk. In this case Cyprus loses a significant fraction of foreign deposits.

The problem is not unique to Cyprus. During the American financial crisis, the breakdown in trust almost froze the credit system. When a credit card is swiped at the local retailer, the authentication does not always go directly to the bank that issued the credit card. The transaction flows to a merchant bank. The entire system depends on keeping the merchant banks in synch. Every transaction we make without cash has an element of identity involved. The economic cost of identity authentication, while not explicit, is a factor in every credit card transaction and every purchase online. The Cyprus crisis demonstrates what can happen if identity controls break down or fail. In Cyprus the consequence is failure of the banking system.

Authentication failure at an individual level ends in fraud or theft. As the customer experience becomes more digital the consequences are more drastic. Authentication failure can hurt an individual, a business or in this case compromise the future of a nation.

Friday Feb 15, 2013

Identity Goes Shakespearean with King Richard III - A Forbes Feature

King Richard III: Villain, Hero, or Tragic Victim of Identity Theft?

What does Identity Management has to do with the recent discovery of King Richard III remains? A Lot, according to this recently published post in Forbes Magazine from the Oracle Identity Management team.

Don’t miss this interesting Shakespearean twist to Identity Management. Turns out, authentication and Identity Management are more pervasive than it’d appear on the surface. Identity is King!

As always, we welcome your feedback and thoughts. Please send us your comments here and engage with us on Twitter and Facebook.

Monday Feb 11, 2013

Amit Jasuja - Cloud, Mobile and Social Will Drive Digital Security

Amit Jasuja sat down for an in-person interview to discuss how digital security is changing and how cloud, mobile and social are driving the transformation. The entire interview can be found here.

It's more virtual and less physical

In the past most security was focused on the physical protection of buildings and access to systems. The security transformation means securing content and information in places we don't have control. The point of control has moved from the enterprise to the cloud. 

It's more integrated than fragmented 

Instead of multiple point products being used to secure systems, we will see a more integrated approach where security information is shared across components. By de-fragmenting the data, security becomes more responsive.

It's more mobile and less stationary

The shift to mobile applications will expose organizations to new threats and operational challenges. Security will need to scale to protect the vast number of changing devices.  

It's about getting it done right and avoiding rework 

Organizations will focus on deployment of technologies to get it done right the first time. We will choose technologies that provide a clear roadmap and upgrade path to avoid costly rip and replace projects. 

Thursday Feb 07, 2013

Richard III – Authentication Gets Shakespearean

With the recent discovery of Richard III in a Leicester parking lot, we realize that authenticating an individual is as important as authenticating a king. Your identity is king.

The recent twitter #authchat provides a good survey of authentication techniques. Authenticating Richard required many of the same identity management techniques we use in software. Here are a few observations:

Biometrics

DNA evidence from two related descendants was critical in verifying the identity of the king. The same is true for the way we authenticate today. While we may use finger print readers on our laptops and in our data centers, we still rely on additional factors of authentication beyond biometrics. From the description of the battle of Bosworth, many thumbs and fingers were most likely misplaced – lots of parts everywhere. If Richard were alive today, he would have commanded, “my kingdom for a thumb!” If the researchers had tested DNA from the wrong thumb, the results would have been wrong. Biometrics are only a piece of the puzzle.

Third Party Verification

The research team had to find a descendant to verify the DNA of Richard III. DNA, like a certificate, on its own is not enough to prove who you are.  A third party has to vouch for the fact that the information is correct. We may think we are advanced because we can make an instant SAML request to an identity provider to log into our 401K plan or download a ringtone, but it is perhaps more amazing that the team found an identity provider (Richard's descendant nephew) across 500+ years of the family tree, in a country thousands of miles away.

Context Aware

Finding the king and verifying the identity were almost equally challenging tasks. The location information from history played a role. In addition, the context of the injuries and the battle description were all indicators that helped to confirm the identity. Other factors including radio carbon dating and food consumption patterns were all part of the context used in the formula. Today, with many users with different roles accessing our systems, adaptive access and context aware security are used to complement authentication. Now, we may be a long way from using food consumption patterns to authenticate a user on a banking website, but I would not rule it out. It gives validity to the claim “you are what you eat.”

The key is that no single form of authentication is sufficient in all circumstances. Context helps to provide ongoing assurance that we are dealing with the correct user. It turns out Richard III was not the tyrant as he is remembered, but perhaps just the victim of identity fraud. Congrats to the research team – truly a remarkable accomplishment and the discovery demonstrates that “the king’s name is [still] a tower of strength”(Shakespeare,Richard III) -- especially given the amount of media exposure.

Friday Dec 28, 2012

Globe Trotters: The Difference between Authentication and Authorization

Meet Christian Patrascu. Christian is Senior Group Manager with Oracle. A seasoned Security professional and a reputed Identity Management expert, Christian is a member of the EMEA outbound Product Management team that drives sales and adoption of Oracle Fusion Middleware within the Europe, Middle East and Africa (EMEA) region. Oracle Fusion Middleware is a portfolio of leading, standards-based and customer-proven software products that spans a range of tools and services from J2EE and developer tools, to integration services, business intelligence, collaboration, content management and Identity Management.

Christian recently sat down for an interview with Sebastian Graf (DOAG Head of the SIG BPM) where he discussed the difference between Authentication and Authorization and the importance of both in an enterprise' end-to-end security strategy. DOAG (Deutsche Oracle User Group) is one of the largest organized and independent Oracle user groups in Europe.

The discussion on authentication and authorization is especially relevant in today's "anytime, anywhere" world where business and personal boundaries have blurred and users are looking for a seamless experience between their social and business channels via mobile devices and more. So, as we close out 2012 and look to 2013, we thought this video interview would be apt for the last edition of Globe Trotters for 2012.

We wish you all a very safe and Happy New Year and look forward to engaging with you in more security discussions.

Sunday Dec 09, 2012

Amit Jasuja's Session at Gartner IAM with Ranjan Jain of Cisco

If you did not get a chance to attend Amit Jasuja's session at Gartner IAM this week in Las Vegas, here is a summary of the session and a copy of the slides. The agenda featured an introduction by Ray Wagner, Managing VP at Gartner, followed by Amit discussing the trends in Identity and Access Management shaping Oracle's strategy.

Today we are seeing the largest re-architecture in a decade. Every business from manufacturing to retail is transforming the way they do business. Manufacturing companies are becoming manufacturing services companies. Retail organizations are embracing social retail. Healthcare is being delivered on-line around the clock. Identity Management is at the center of the transformation. Whether you are Toyota embracing a social network for cars or launching the next Iphone, the Identity of the user provides context to enable the interaction and secure the experience. All of these require greater attention to the context of the user and externalizing applications for customers and employees. 

Ranjan discussed how Cisco is transforming  by integrating 1800 applications to a single access management framework and consolidating 3M users across 4 data centers to support internal and external processes. David Lee demonstrated how to use Oracle Access Manager 11g R2 on a mobile application to sign-on across multiple applications while connecting mobile applications to a single access control policy.


Monday Dec 03, 2012

Breakfast Keynote, More at Gartner IAM Summit This Week

Gartner Identity and Access Management Conference
Oracle Corporation

Gartner Identity and Access Management Conference


We look forward to seeing you at the....
Gartner Identity and Access Management Conference

Oracle is proud to be a Silver Sponsor of the Gartner Identity and Access Management Summit happening December 3 - 5 in Las Vegas, NV.

Don’t miss the opportunity to hear Oracle Senior VP of Identity Management, Amit Jasuja, present Trends in Identity Management at our keynote presentation and breakfast on Tuesday, December 4th at 7:30 a.m. Everyone that attends is entered into a raffle to win a free JAWBONE JAMBOX wireless speaker system.

Also, don’t forget to visit the Oracle Booth to mingle with your peers and speak to Oracle experts. Learn how Oracle Identity Management solutions are enabling the Social, Mobile, and Cloud (SoMoClo) environments.

Visit Oracle Booth #S15 to:

Exhibit Hall Hours

Monday, December 3 — 11:45 a.m. – 1:45 p.m. and 6:15 p.m. – 8:15 p.m.
Tuesday, December 4 — 11:45 a.m. – 2:45 p.m.

To schedule a meeting with Oracle Identity Management executives and experts at Gartner IAM, please email us or speak to your account representative.

We look forward to seeing you at the Gartner Identity and Access Management Summit!


Visit Oracle at Booth #S15

Gartner IAM Summit
December 3 - 5, 2012
Caesars Palace

Attend our Keynote Breakfast

Trends in Identity Management
Tuesday, December 4, 2012
7:15 a.m. - 8:00 a.m., Octavius 16

Speakers:
Amit Jasuja, Senior Vice President, Identity Management Oracle
Ranjan Jain, Enterprise Architect, Cisco

As enterprises embrace mobile and social applications, security and audit have moved into the foreground. The way we work and connect with our customers is changing dramatically and this means re-thinking how we secure the interaction and enable the experience. Work is an activity not a place - mobile access enables employees to work from any device anywhere and anytime. Organizations are utilizing "flash teams" - instead of a dedicated group to solve problems, organizations utilize more cross-functional teams. Work is now social - email collaboration will be replaced by dynamic social media style interaction. In this session, we will examine these three secular trends and discuss how organizations can secure the work experience and adapt audit controls to address the "new work order".

Stay Connected:
Twitter Oracle on Facebook Oracle Feed
For more information, please visit www.oracle.com/identity.

Hardware and Software Engineered to Work Together
Copyright © 2012, Oracle. All rights reserved. Contact Us | Legal Notices and Terms of Use | Privacy Statement

SEO100120175

Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.

Wednesday Nov 14, 2012

Security Newsletter November Edition is Out

The November edition of the Security Inside Out Newsletter is now out. This month’s newsletter captures the highlights from Oracle OpenWorld. The conference registration broken all the past records and so did all Security related events and activities at OpenWorld. From Security keynotes, conference sessions, hands-on-labs, product demonstrations to the very successful Executive Edge @ Openworld: Chief Security Officer Summit. The main feature discuses the key topics and trends compiled from across all the Security related sessions.

The newsletter also features an interview with Amit Jasuja, Senior Vice President, Security and Identity Management at Oracle. Amit discusses the key trends in the industry and how these have helped shape innovation in the latest release of Oracle Identity Management solution set. If you are looking at cloud, social and mobile and are concerned about security, you don’t want to miss this feature.

As always, the newsletter captures both recent and upcoming Security and Identity Management events, conferences, training, news and more. So, if you haven’t done so, we recommend you subscribe to the Security Inside Out Newsletter today.

We’d love to hear from you. Let us know some topics you’d like to see covered in the upcoming editions. Or just let us know how we are doing. We look forward to hearing from you.

Thursday Nov 08, 2012

Identity R2 Event Orlando

Oracle Corporation
Oracle - Take the Next Big Step in Identity Management Evolution

Take the Next Big Step in Identity Management Evolution

We call the latest release of Oracle Identity Management 11gthe evolved platform. And for good reason. It simplifies the user experience, enhances security, and allows businesses to expand the reach of identity management to the cloud and mobile environments like never before.

Join this important event to discuss the recent launch of Oracle Identity Management 11g. You'll learn more about the evolution of this exceptional business solution and get the unique opportunity to network with existing Oracle customers and speak directly with Oracle product experts. The agenda includes:

  • Overview of capabilities
  • Product demonstrations
  • Customer and partner presentations
  • Discussion with early adopters

Register now for the event or call 1.800.820.5592 ext. 11087.

Register Now

Join us for this event.

Thursday, December 6, 2012

The Capital Grille
Pointe Orlando, 9101
International Drive
Orlando, FL 32819

Get Directions

Agenda
9:00 a.m. Registration & Continental Breakfast
9:30 a.m. Welcome Remarks
Dave Profozich, Group Vice President, Oracle
9:45 a.m. Keynote:Oracle Identity Management 11g R2
Scott Bonnell, Sr. Director Product Management, Oracle
10:30 a.m. Coffee Break
10:45 a.m. Oracle 11gR2 Overview/Demo/Technical walkthrough
Mark Wilcox, Sr. Manager Product Management, Oracle
11:45 a.m. Closing Remarks
Dave Profozich, Group Vice President, Oracle
12:00 noon Networking Lunch

Register now for this exclusive event or call 1.800.820.5592 ext. 11087.

If you are an employee or official of a government organization, please click here for important ethics information regarding this event.
Hardware and Software Engineered to Work Together
Copyright © 2012, Oracle and/or its affiliates.
All rights reserved.
Contact Us | Legal Notices and Terms of Use | Privacy Statement
SEV100122190

Thursday Nov 01, 2012

Secure Government Series Part 3

Oracle Corporation
Secure Government Training Series
Safeguarding Government Cyberspace

Click here, to register for the live webcast.


Safeguarding Government Cyberspace


Cybersecurity threats represent one of the most serious national security, public safety, and economic challenges. While technologies empower government to lead and innovate, they also enable those who seek to disrupt and destroy progress. Cloud computing, mobile devices and social networks help government reduce costs and streamline service delivery, but also introduce heightened security vulnerabilities.

How can government organizations keep pace with heightened service delivery demands and advancements in technology without compromising security?

Join us November 28th for a webcast as part of the “Secure Government Training Series” to learn about a security portfolio that helps organizations mitigate cyber attacks by providing Full-spectrum cybersecurity capabilities that harden the data tier, lock down sensitive information, and provide access controls and visibility for frequently targeted systems.

Gain insights to an integrated security framework and overall strategy for preventing attacks that will help your organization:

  • Deploy resilient IT infrastructure
  • Catalog and classify sensitive and mission-critical data
  • Secure the enterprise data tier and lock down trusted insider privileges at all levels
  • Automate and centralize enterprise auditing
  • Enable automated alerting and situational awareness of security threats and incidents


For more information, access the Secure Government Resource Center or to speak with an Oracle representative, please call1.800.ORACLE1.




LIVE Webcast
Safeguarding Government Cyberspace
Date:
Wednesday,
November 28th, 2012

Time
:
2:00 p.m. ET
Visit the Secure Government Resource Center

Click here for information on enterprise security solutions that help government safeguard information, resources and networks.

ACCESS NOW

Visit the Secure Government Resource Center
Hardware and Software Engineered to Work Together
Copyright © 2012, Oracle. All rights reserved. Contact Us | Legal Notices | Privacy Statement

Wednesday Oct 24, 2012

UPMC Picks Oracle Identity Management

UPMC, a $10-billion integrated global health enterprise, has selected Oracle as a key technology partner in UPMC’s $100-million analytics initiative designed to help “unlock the secrets of human health and disease” by consolidating and analyzing data from 200 separate sources across UPMC’s far-flung network.As part of the project UPMC also selected Oracle Identity Management to secure the interaction and insure regulatory compliance. Read complete article here.

As healthcare organizations create new services on-line to provide better care Identity Management can provide a foundation for collaboration.

Tuesday Oct 16, 2012

IDC's Sally Hudson on Securing Mobile Access

After the launch of Identity Management 11g R2, Oracle Magazine writer David Baum sat down with Sally Hudson, research director of security products at International Data Corporation (IDC) to get her perspective on securing mobile access.  Below is an excerpt from the interview. The complete article can be found here.

"We’re seeing a much more diverse landscape of devices, computing habits, and access methods from outside of the corporate network. This trend necessitates a total security picture with different layers and end-point controls. It used to be just about keeping people out. Now, you have to let people in. Most organizations are looking toward multifaceted authentication—beyond the password—by using biometrics, soft tokens, and so forth to do this securely. Corporate IT strategies have evolved beyond just identity and access management to encompass a layered security approach that extends from the end point to the data center. It involves multiple technologies and touch points and coordination, with different layers of security from the internals of the database to the edge of the network." ( Sally Hudson, Oracle Mag Sept/Oct 2012)

As the landscape changes you can find out how to adapt by reading Oracle's strategy paper on providing identity services at Internet scale

Wednesday Oct 03, 2012

The Threats are Outside the Risks are Inside

In the past few years we have seen the threats against the enterprise increase dramatically. The number of attacks originating externally have outpaced the number of attacks driven by insiders. During the CSO Summit at Open World, Sonny Singh examined the phenomenon and shared Oracle's security story. While the threats are largely external, the risks are largely inside.

Criminals are going after our sensitive customer data. In some cases the attacks are advanced. In most cases the attacks are very simple. Taking a security inside out approach can provide a cost effective way to secure an organization's most valuable assets.

Tuesday Oct 02, 2012

Identity Management: The New Olympic Sport

How Virgin Media Lit Up the London Tube for the Olympics with Oracle

If you are at Open World and have an interest in Identity Management, this promises to be an exciting session.


Wed, October 3rd
Session CON3957: Delivering Secure Wi-Fi on the Tube as an Olympics Legacy from London 2012
Session Time: 11:45am-12:45pm
Session Location: Moscone West L3, Room 3003
Speakers: Perry Banton - IT Architect, Virgin Media
                   Ben Bulpett - Director, aurionPro SENA

In this session, Virgin Media, the U.K.'s first combined provider of broadband, TV, mobile, and home phone services, shares how it is providing free secure Wi-Fi services to the London Underground, using Oracle Virtual Directory and Oracle Entitlements Server, leveraging back-end legacy systems that were never designed to be externalized. As an Olympics 2012 legacy, the Oracle architecture will form a platform to be consumed by other Virgin Media services such as video on demand. Click here for more information.

Executive Edge: It's the end of work as we know it


If you are at Oracle Open World, it has been an exciting couple of days from Larry's keynote to the events at the Executive Edge. The CSO Summit was included as a program within the Executive Edge this year. The day started with a great presentation from Joel Brenner, author of "America The Vulnerable", as he discussed the impact of state sponsored espionage on businesses. The opportunity for every business is to turn security into a business advantage. As we enter an in-hospitable security climate, every business has to adapt to the security climate change. 

Amit Jasuja's presentation focused on how customers can secure the new digital experience. As every sector of the economy transforms to adapt to changing global economic pressures, every business has to adapt. For IT organizations, the biggest transformation will involve cloud, mobile and social. Organizations that can get security right in the "new work order" will have an advantage. It is truly the end of work as we know it.  The "new work order" means working anytime and anywhere. The office is anywhere we want it to be because work is not a place it is an activity. Below is a copy of Amit Jasuja's presentation.


Tuesday Aug 21, 2012

Mobile and Social Sign On with Oracle Access Management

Oracle Identity Management 11g Release 2 provides an innovative platform that secures access from mobile devices and enables applications to consume social identities. This capability is especially significant as usage of mobile devices and social media skyrockets and employees are increasingly using their own mobile devices to access corporate resources, which in turn makes it much more challenging for IT organizations to enforce and maintain their audit, compliance, and privacy requirements.

Recently, I sat down with Dan Killmer, Principal Product Manager for Oracle Mobile and Social Access Management. We discussed how Oracle’s latest innovation in Identity Management around Mobile and Social Sign On can simplify security and access management challenges posed by the widespread adoption of mobile devices in the enterprise. Click here to listen.

Friday Aug 03, 2012

North America Identity R2 Events


THE PLATFORM EVOLUTION

Experience the Next Big Step in Identity Management Evolution

We call our latest release of Oracle Identity Management 11g the "Evolved Platform." And for good reasons. It simplifies the user experience, enhances security, and allows businesses to expand the reach of identity management to the cloud and mobile environments like never before.

We've designed a series of events that will provide a unique opportunity to network with existing Oracle customers and speak directly with Oracle product experts. Join us in a location near you and learn more about the evolution of this exceptional business solution.

Included will be:

  • Overview of capabilities
  • Product demonstrations
  • Customer and partner presentations

NORTH AMERICA EVENTS


Thursday Aug 02, 2012

Oracle at Gartner Catalyst 2012, San Diego

Oracle is proud to be a Platinum sponsor of the Gartner Catalyst Conference 2012.

The central theme of this year’s Catalyst Conference is “Any Device, Any Service, Any Source”. The event will feature five in-depth tracks which deal with the most pressing topics in modern IT industry including Identity Management, Data Security, Cloud Computing, Mobility and Virtualization. Attendees will also get opportunities to collaborate and network with industry analysts and peers, hear inspiring keynotes and gain immediate takeaways that they can apply back to everyday work.

This year’s Oracle highlights include:

  • Hospitality Suite: Oracle is hosting a Hospitality Suite at the Catalyst Conference on Tuesday, August 21,2012. Attendees can meet with Oracle Solution experts who will showcase demos in cutting edge topics including Identity Management, Mobile Security, Database Security, and Desktop Virtualization. The Oracle Hospitality Suite will be held Tuesday, August 21,2012 between 5:10 p.m. – 8:10 p.m. in Ballroom Emma A-C.
  • Customer Reception: Oracle and PwC will be hosting a Networking Reception on Monday, August 20, 2012 from 7:30 p.m. – 9:30 p.m. Attendees can mingle with Oracle Security executives and PwC leaders at one of San Diego’s exciting downtown restaurants conveniently located close to the event location. Click here to RSVP for this by-invitation-only reception, 
  • Meet the Experts: Join us from 6 p.m. to 7 p.m. at the Oracle Hospitality Suite on Tuesday, August 21, 2012 and meet our Desktop Virtualization experts who will discuss the right approach for enterprise desktop virtualization, and how it can enable higher security when accessing enterprise apps from any device and any location. This will be an informal session where you can network with Oracle experts and peers.

To view the agenda and to find out more about the Gartner Catalyst Conference 2012 visit: http://www.gartner.com/technology/summits/na/catalyst/agenda.jsp

To learn more about Oracle Identity Management, watch the launch webcast of Oracle Identity Management 11gR2 here

Register here for this year’s Conference.

Monday Jul 30, 2012

Adaptive Access in Oracle Identity Management 11gR2

[Guest Post by Mark Karlstrand] 

Mark Karlstrand is a Senior Manager of Product Management at Oracle focused on innovative security for enterprise web and mobile applications. Over the last sixteen years Mark has served as director in a number of tech startups before joining Oracle in 2007. Working with a team of talented architects and engineers Mark developed Oracle Adaptive Access Manager, a best of breed access security solution.

With the latest release of Oracle Identity Management, Oracle is delivering some dramatic context-aware security enhancements as part of its Access Management solution stack. There are a couple of different market trends driving these enhancements. Firstly, online threats are constantly evolving which results in the need for adaptive access security mechanisms. Secondly, the rapid adoption of mobile computing and migration of fraud attacks to mobile devices is pushing enterprises, banks and e-commerce providers to demand sophisticated fraud prevention capabilities across both web and mobile channels. Recently Gartner put out a research note which estimates that by year end 2013, 12.5% of all ecommerce transactions will be conducted via mobile devices. The latest release of Oracle Access Management includes significant features within Adaptive Access to strengthen web, cloud and mobile access security.

  • Risk-Aware Access Management: Oracle Access Management now provides a seamless experience when users navigate between low risk and high risk resources. Higher risk resources are protected by risk-based adaptive authentication which is transparent to end users unless their behavior is abnormal. For example, if a user accesses a low risk application via their web single sign on password then attempts to access a high risk application while on a trip to a country they rarely visit the user may be asked to enter a one-time password delivered to their cell phone.
  • Adaptive Access for Mobile Computing: Adaptive Access capabilities have been integrated with the new Mobile and Social component of Oracle Access Management. This provides advanced security features including device registration and tracking, location awareness, lost/stolen device control and risk based authentication to secure access via both iOS native applications and mobile browsers. This allows customers to extend their enterprise web access security to cover mobile use cases which maintains manageability and centralized control across channels of access.
  • Auto Learning for Transactions: We have extended our auto-learning functionality to cover application transaction use cases. Our Adaptive Access solution profiles transactional behaviors and detects anomalies in real-time. For instance, an online banking provider can detect transactional anomalies that may occur if a user’s browser is infected with “man-in-the-browser” malware. If for example, malware alters the destination account in a funds transfer transaction, this could be detected. The solution tracks the frequency of data combinations and determines the risk in real-time by taking into account historical behavior.
  • Access Monitoring: With Adaptive Access, we also enable healthcare organizations to meet tough compliance requirements related to tight controls on electronic medical record access. HIPAA/HITECH requires providers to take a more proactive posture and our real-time analytics technology is helping them achieve this goal.
  • Cloud Service Provider Layered Security: Security concerns are still a top item preventing many businesses from taking advantage of cloud service offerings. Now, cloud service providers can easily provide context-aware layered access security even when users authenticate within their own enterprise environment and access cloud services via federation. For example, If a user authenticates to their corporate SSO then navigates to the cloud service risk analysis and identity verification can be applied if the user attempts to access any high risk service or application in the cloud. 
To find out more about Adaptive Access capabilities in Oracle IDM 11gR2, click here
About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

Search

Archives
« July 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today