Thursday Nov 20, 2014

Advanced Registration Now Open for new Oracle Mobile Security Primer eBook

Today, just as organizations are starting to understand the first wave of the mobile revolution, IT is already being asked to support the second: a new generation of devices and applications is coming online to take advantage of these capabilities in the corporate environment.


Register now to gain access to the new eBook: Oracle Mobile Security Primer as soon as it is published.


The Oracle Mobile Security Primer will provide a deeper understanding of not only the fundamentals, but also the complex issues related to mobile security in today’s corporate mobility environment. If you maintain the role of a mobility planner, security architect, CISO, security director, IT director, operations manager or just simply want to stay up on the latest trends around mobile security, then pre-register for this new eBook: Oracle Mobile Security Primer.


Some of the areas covered in this eBook:

  • A look at the changing mobile and business requirements
  • Deep dive in the technologies used to secure the mobile platform today
  • Containerization and application management
  • The role Identity Management plays on the mobile device
  • The broader view of securing the mobile stack

Registering lets Oracle notify you when the primer becomes available, in both eBook and printed form from McGraw-Hill.

www.mhprofessional.com/mobsec

Wednesday Nov 05, 2014

Enterprise Role Definition: Best Practices and Approach

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle Diamond Partner. Infosys has graciously agreed to present best practices gathered from large enterprise IDM deployments in a four-part series hosted here on the Identity Management Blog.

Role Engineering

Today a number of organizations are considering or are in the process of moving to a Role Based Access Control (RBAC) model. Role Engineering is the process by which an organization develops, defines, enforces, and maintains role-based access control. RBAC is often seen as a way to improve security controls for access and authorization, as well as to enforce access policies such as segregation of duties (SoD) to meet regulatory compliance. It establishes effective controls and insight into “Who has access to What”.

RBAC Basics

The concept of roles is defined in the ANSI RBAC standard (ANSI INCITS 359-2004), which grew out of the model first proposed by the National Institute of Standards and Technology (NIST). The base RBAC model maps users to roles and roles to permissions: a permission (privilege) is a set of system-specific operations on objects, and it is granted to roles rather than directly to users.


Image 1: ANSI RBAC Model

Role

A role is a named job function; in practice it is treated as the group of users who hold the same position or perform the same function, together with the permissions that function needs. Roles can be defined at the business level and at the Information Technology (IT) level.

Business Roles: these represent job functions and their related responsibilities, which are shaped by the role's relationship to the organization. Business roles can be tied to specific conditions or events, such as hiring or an internal transfer into a particular job function. Examples: supervisor, program manager, customer service representative, bank teller. Business roles are defined top-down: review the organization's business and job functions and map the permissions each job function needs. This approach is business-driven and keeps roles aligned with business functions.

IT System Roles: these represent technical responsibilities, the collection of privileges across one or more systems required to perform a job function. They are often application roles, specific to one application, such as a controller permission in an ERP system, and are frequently tied to events such as transactions configured within the application. Examples: sourcing user or buyer privileges in an ERP application; administrator or domain user permissions in Active Directory. IT roles are defined bottom-up: analyze the access and permissions users already hold on existing applications and systems, then normalize and rationalize the result into roles. Roles defined this way meet application- or system-specific access requirements.


Image 2: Enterprise Role Definition

Challenge

Organizations face several challenges in role engineering: how to define and establish a role-based model at scale, how to associate users with roles and roles with applications or target resources, how to attach business rules and policies to roles, and how to maintain enterprise roles over time.
Role definition is a critical step in deploying any RBAC system. Roles can be defined at an abstract level from a business perspective (top-down) or in the context of a specific application or system from a technology perspective (bottom-up). Each approach has its own challenges. Top-down roles are not easy to enforce, because they are not yet tied to concrete entitlements, and abstracting roles may not be possible without understanding the whole context. Bottom-up roles, mined from existing entitlements, lack the perspective and input of business owners, and they faithfully reproduce whatever excess access users have already accumulated.

Best Practices

Infosys recommends a hybrid approach that combines bottom-up and top-down. It defines a role as the association between a user's functional responsibilities and the IT access privileges those responsibilities require: normalized roles derived from bottom-up role mining are aligned with the job functions derived from top-down analysis. For example, when an employee joins the customer service department and their user account is created, the enterprise role management system reads the user's attributes, such as organization unit, department code and job title. Membership rules then map those attributes to the customer service representative role, and the role's entitlements grant access to the applications the user needs for the job, such as the CRM system, the call center application, email and expense tracking.


Image 3: Hybrid Approach to Role Engineering

Infosys has successfully used Oracle Identity Analytics (OIA) for bottom-up role mining, role definition, segregation of duties (SoD) reporting, access certification and role governance. Alongside OIA, Infosys has used homegrown analytics scripts and tools to analyze and associate top-down functional role definitions. Role definition should rest on a thorough analysis of how the organization operates and should be an integrated effort with representation from both business and IT: business owners, business analysts, IT managers and IT administrators. IT representatives bring expertise in evaluating entitlement and authorization data and knowledge of the IT control systems; application and business owners bring the perspective on how the business operates.

RBAC Methodology

Embarking on an enterprise-wide Role Based Access Control initiative requires strategic planning and an organized methodology to achieve the expected business benefits. RBAC initiatives should start with a small scope that is expanded gradually, so that roles are defined and managed on an ongoing basis.
RBAC can be achieved enterprise-wide by running iterative role design cycles, each over a defined set of business units in terms of users and in-scope applications. It is important to set boundaries for the user population, the applications and the number of business units included in each cycle.
The following diagram describes the RBAC methodology.


RBAC Methodology

RBAC phases and brief descriptions:

Identity Warehouse

  • Assess existing system privileges information. Application/ system access data is the foundation to build Identity Warehouse for defining roles in the organization.
  • Identify and prioritize logical sets of users based on Business Units, Departments and Reporting Hierarchy.

Role Definition

  • Perform Role Mining on selected sets of logical groupings of user privileges and access rights that map to a department, geographical location, job function, reporting relationship or other organizational attributes.
  • Conduct workshops to refine and finalize Roles and SoD.
  • Role Mining can become a continuous process of refinement as organizations become more mature in their understanding of roles.

Role Governance

  • Establish Role Governance model and framework to maintain roles on an ongoing basis.
  • Role governance should address role life cycle management, role membership and role definition, creation and maintenance of additional data elements that impact the assignment and management of roles.
  • Develop Role Entitlement Certification Workflow. An enterprise that adopts role-based access control also needs to define processes for ensuring that roles are kept up-to-date, old roles are retired and new roles defined to meet new business needs.

Enforce Role

  • Once the role model is defined, the next step is to use it in the user-provisioning process.
  • Role assignment can be manual, automated or request-based. Provisioning systems commonly assign users to roles through internal rule processing on user attributes.
  • Effective RBAC reduces the risk of users holding inappropriate access: when a user changes job function, new roles are assigned and old roles removed, so access and privileges track the job function.
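The hybrid approach and the four phases above, worked through on a toy identity warehouse. This is an added example, not Infosys' or Oracle's code, and it does not use OIA: the users, departments, applications, entitlement names and the SoD policy are all constructed for illustration. Bottom-up mining derives a three-level role hierarchy (birthright, department, title) from the entitlements users already hold; a top-down membership rule maps HR attributes to those roles; outlier detection and SoD checks produce the governance findings; and the provisioning delta shows what enforcement adds and removes on a job transfer.

```python
"""Hybrid role engineering on a toy identity warehouse.

Bottom-up: mine candidate roles from the entitlements users already hold.
Top-down:  a membership rule maps HR attributes (department, title) to roles.
Governance: outlier detection and segregation-of-duties (SoD) checks.
Enforcement: the provisioning delta when a user's job attributes change.
"""
from collections import defaultdict

# Constructed sample identity warehouse: hypothetical users, departments and
# applications. An entitlement is written "Application:privilege".
WAREHOUSE = {
    "u1": {"dept": "CustomerService", "title": "CSR",
           "ents": {"CRM:read_case", "CRM:update_case", "CallCenter:agent", "Email:mailbox"}},
    "u2": {"dept": "CustomerService", "title": "CSR",
           "ents": {"CRM:read_case", "CRM:update_case", "CallCenter:agent", "Email:mailbox"}},
    "u3": {"dept": "CustomerService", "title": "Supervisor",
           "ents": {"CRM:read_case", "CRM:update_case", "CRM:approve_refund",
                    "CallCenter:agent", "Email:mailbox"}},
    "u4": {"dept": "Finance", "title": "AP Clerk",
           "ents": {"ERP:create_vendor", "ERP:enter_invoice", "Email:mailbox"}},
    # u5 holds an extra privilege nobody else in the job has (accumulated access).
    "u5": {"dept": "Finance", "title": "AP Clerk",
           "ents": {"ERP:create_vendor", "ERP:enter_invoice", "ERP:approve_payment",
                    "Email:mailbox"}},
}

# Hypothetical SoD policy: creating a vendor and approving its payment must not
# be held by the same subject.
TOXIC_PAIRS = [frozenset({"ERP:create_vendor", "ERP:approve_payment"})]


def _common(ent_sets):
    """Entitlements shared by every set in a non-empty collection."""
    return frozenset.intersection(*map(frozenset, ent_sets))


def mine_roles(warehouse):
    """Bottom-up mining normalized into a three-level hierarchy.

    BIRTHRIGHT       = what every user has
    DEPT:<dept>      = what every user in a department has, minus birthright
    TITLE:<dept>/<t> = what every user with that title has, minus the two above
    Empty candidate roles are dropped (rationalization).
    """
    model = {"BIRTHRIGHT": _common(u["ents"] for u in warehouse.values())}
    by_dept, by_title = defaultdict(list), defaultdict(list)
    for u in warehouse.values():
        by_dept[u["dept"]].append(u["ents"])
        by_title[(u["dept"], u["title"])].append(u["ents"])
    for dept, ents in by_dept.items():
        role = _common(ents) - model["BIRTHRIGHT"]
        if role:
            model[f"DEPT:{dept}"] = role
    for (dept, title), ents in by_title.items():
        role = _common(ents) - model["BIRTHRIGHT"] - model.get(f"DEPT:{dept}", frozenset())
        if role:
            model[f"TITLE:{dept}/{title}"] = role
    return model


def roles_for(attrs, model):
    """Top-down membership rule: HR attributes decide which mined roles apply."""
    wanted = ["BIRTHRIGHT", f"DEPT:{attrs['dept']}", f"TITLE:{attrs['dept']}/{attrs['title']}"]
    return [r for r in wanted if r in model]


def entitlements_for(attrs, model):
    """Effective access implied by the roles a user should hold."""
    return set().union(*(model[r] for r in roles_for(attrs, model)))


def outliers(warehouse, model):
    """Access a user holds that no assigned role explains: certification items."""
    extra = {uid: u["ents"] - entitlements_for(u, model) for uid, u in warehouse.items()}
    return {uid: e for uid, e in extra.items() if e}


def sod_violations(access_by_subject, toxic_pairs):
    """(subject, pair) for every subject whose access contains a whole toxic pair.

    Run it over the role model (subject = role) and over actual user access
    (subject = user id): a clean role model does not guarantee clean users.
    """
    return [(s, pair) for s, ents in access_by_subject.items()
            for pair in toxic_pairs if pair <= set(ents)]


def provisioning_delta(old_attrs, new_attrs, model):
    """Enforcement: what to add and remove when a user's job attributes change."""
    before, after = entitlements_for(old_attrs, model), entitlements_for(new_attrs, model)
    return {"add": after - before, "remove": before - after}


if __name__ == "__main__":
    model = mine_roles(WAREHOUSE)
    for name, ents in model.items():
        print(f"{name:<35} {sorted(ents)}")
    print("outliers:", outliers(WAREHOUSE, model))
    print("SoD in roles:", sod_violations(model, TOXIC_PAIRS))
    print("SoD in users:", sod_violations({k: v["ents"] for k, v in WAREHOUSE.items()}, TOXIC_PAIRS))
    move = provisioning_delta({"dept": "CustomerService", "title": "CSR"},
                              {"dept": "Finance", "title": "AP Clerk"}, model)
    print("transfer CSR -> AP Clerk:", move)
```

Two things worth noticing in the output. The mined role model itself passes the SoD check, yet user u5 violates the policy through an entitlement no role explains; that is exactly why certification runs against actual access, not only against the model, and why the outlier list feeds the role governance workflow. And the transfer from customer service to accounts payable yields both an add set and a remove set: the remove set is the part most manual processes forget.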

Conclusion

For a Role Based Access Control model to succeed, you need a detailed understanding of how the organization functions and participation from both business and IT stakeholders. Roles should be defined with lifecycle management in mind. The optimal approach is a hybrid one, combining top-down and bottom-up role discovery.

Enterprise role management involves the ongoing design, creation, change and management of roles and the periodic certification of users to their roles. Use enterprise role management tools such as OIA that cover role mining, role definition and access recertification. A holistic approach to RBAC and a role governance framework help enterprises maintain segregation of duties, keep up with regulatory compliance requirements and automate role-based provisioning to enterprise applications.

We hope our experiences and thoughts will help organizations with their security solution planning and implementation. Please reach out to our team and the writers for any queries, feedback and suggestions and be sure to read the previous blog entries in this series:

Design Considerations: Implementing Oracle Identity Management for large enterprises
Disconnected Application Framework in OIM 11g R2 PS1
Best Practices: Implementing SSL in Oracle Identity Manager

Visit the Oracle Technology Network for more information about Oracle Identity Manager including downloads, documentation and samples.

About the Author


Vikesh Parmar is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 14 years of experience providing security services to clients. He has primarily been engaged with multiple organizations to establish or improve their security posture in support of business-critical processes: defining strategy, roadmap and architecture, and managing large-scale Identity & Access Management implementation programs.
Vikesh can be reached via LinkedIn

Tuesday Jul 15, 2014

Three Reasons Management Will Thank You For Implementing IDM Monitoring - Aurionpro

Identity Management (IDM) platforms protect your most critical enterprise assets: your applications and your enterprise data. Many companies invest heavily in designing and implementing IDM solutions, but alarmingly few actively monitor their health. That's like driving a new car for 30,000 miles without checking the oil. Like cars, all software products require maintenance. Active monitoring surfaces information ahead of potential failures and helps keep your IDM solution running smoothly. Since IDM solutions typically span several layers of technology and integrate with a number of source and target systems, monitoring should be treated as a critical component of a successful long-term IDM strategy.

Unfortunately, IDM monitoring is often evaluated only after the IDM solution is already in place, and significant benefits get overlooked. Three compelling reasons to plan for it up front:

1.    Up to 10X reduction in cost of issue resolution

It is well known that issues are far more expensive to address in production than during testing. Barry Boehm, the software engineering researcher, quantified that finding and fixing a software problem after delivery is often 100 times more expensive than finding and fixing it earlier in the cycle. In our experience the factor is closer to 10X, but either way, the earlier you find an issue the better.

Active monitoring is an enormous cost saver because it identifies symptoms early. Catching an issue from the early warnings monitoring surfaces, and resolving it in a development or test environment before it strikes production, avoids the most expensive kind of fix. If you have ever had to solve a complex performance or integration issue in production, you can relate to how important this is.

In a large-scale IDM deployment, for example, any number of root causes can produce a Single Sign-On (SSO) failure. The issue may sit in the application layer, the integration layer, the network layer or the database layer. Without a monitoring solution that consolidates data from each component, sifting through the full set of logs in the hope of identifying the issue is an onerous effort. We experienced this exact scenario recently and, thankfully, had Oracle Enterprise Manager in place, which helped us determine that directory replication was failing. Without that tool, identifying and resolving the issue would have been far more tedious and costly.

The beauty of an active monitoring solution is that it alerts you to the issue immediately and gives you enough information to start remediation quickly. It also provides detailed reports on system performance and stability trends.

2.    Most companies achieve ROI break even within 1-2 years

Putting an active monitoring solution in place is primarily a one-time effort and cost; the resources needed to support it after deployment are minimal. The million-dollar question is whether the technology and the effort to set it up are worth it. The short answer is yes. Avoiding a single production issue of the kind described above may pay for the entire system by itself. IDM monitoring also reduces manual monitoring costs and minimizes downtime, both of which are hard cost benefits. We have often observed that the cost reductions and cost avoidance from active Identity Management monitoring pay for the solution within one to two years.

3.    Identity Management monitoring solutions can be implemented quickly, and in phases


As with most software categories these days, a number of options can deliver the benefits of active IDM monitoring. We have had a great deal of success with Oracle Enterprise Manager (OEM) 12c, Oracle's integrated enterprise IT management product. OEM uses the built-in management capabilities of the Oracle stack for traditional and cloud environments to improve efficiency and service levels. If you are deploying parts of Oracle's Identity Management Suite, OEM deserves strong consideration.

Key OEM features include:

•    Automated Discovery of Identity Management Components
•    Performance and Availability Monitoring
•    Service Level Management
•    Configuration Management

Other licensed and open source monitoring solutions are also available. One alternative worth checking out is Nagios, a viable open source solution for network and application monitoring. Homegrown solutions can also meet many system and network monitoring needs.

Whatever technology is selected, a phased approach is usually recommended. It lets the processes for ongoing monitoring, and for acting on the issues the solution flags, be ironed out while the value of the solution is proven. The solution needs to cover the critical failure points across the database, application, network, machine and hardware layers. In many Identity Management deployments, database failures are the most common cause of production issues. In provisioning solutions, connectivity to target systems needs close monitoring, since those integrations are frequent failure points. Depending on the type of IDM solution, monitoring of the most likely failure points should be set up in the earliest phase of the deployment.
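A small check of the kind a homegrown or Nagios-style setup would run against the two failure points named above, target-system connectivity and directory replication (the latter being what broke in the SSO incident described earlier). This is an added example, not Aurionpro's or Oracle's code, and it does not use Oracle Enterprise Manager. The host names, ports and thresholds are hypothetical, and the two replication timestamps are assumed to come from whatever your directory product exposes for replication status; the exit codes follow the Nagios plugin convention (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN).

```python
"""Nagios-style health check for two IDM failure points: connectivity to
provisioning targets and directory replication lag.

Exit status follows the Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL,
3 UNKNOWN. Hosts, ports and thresholds below are hypothetical.
"""
import socket
import sys
from datetime import datetime

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS_TEXT = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}
# Ranking used when combining sub-checks (CRITICAL outranks everything).
SEVERITY = {OK: 0, UNKNOWN: 1, WARNING: 2, CRITICAL: 3}

# Hypothetical targets an IDM connector must reach to provision accounts.
TARGETS = {
    "ad-ldaps": ("dc01.example.internal", 636),
    "erp-api": ("erp.example.internal", 8443),
    "hr-db": ("hrdb.example.internal", 1521),
}


def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port opens within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolvable
        return False


def check_targets(targets, probe=tcp_probe):
    """An unreachable provisioning target is CRITICAL: provisioning to it fails outright."""
    down = sorted(name for name, (host, port) in targets.items() if not probe(host, port))
    if down:
        return CRITICAL, "unreachable targets: " + ", ".join(down)
    return OK, f"all {len(targets)} targets reachable"


def lag_seconds(master_last_change, replica_last_applied):
    """Replication lag from two ISO-8601 timestamps: the master's newest change
    versus the newest change the replica has applied."""
    return (datetime.fromisoformat(master_last_change)
            - datetime.fromisoformat(replica_last_applied)).total_seconds()


def check_replication(lag, warn=60, crit=300):
    """Threshold the lag. A missing or negative reading (replica ahead of master,
    i.e. clock skew) is UNKNOWN rather than OK, so it still gets attention."""
    if lag is None or lag < 0:
        return UNKNOWN, "replication lag unavailable"
    if lag >= crit:
        return CRITICAL, f"replication lag {lag:.0f}s >= {crit}s"
    if lag >= warn:
        return WARNING, f"replication lag {lag:.0f}s >= {warn}s"
    return OK, f"replication lag {lag:.0f}s"


def worst(results):
    """Combine sub-checks: the most severe status wins, every message is kept."""
    status = max((s for s, _ in results), key=SEVERITY.get)
    return status, "; ".join(msg for _, msg in results)


def main(argv):
    # Usage: idm_check.py <master_ts> <replica_ts>; without arguments the lag is
    # reported as unavailable. Where the timestamps come from depends on the
    # directory product (replication status attributes or its admin tooling).
    lag = lag_seconds(argv[1], argv[2]) if len(argv) == 3 else None
    status, message = worst([check_targets(TARGETS), check_replication(lag)])
    print(f"IDM {STATUS_TEXT[status]} - {message}")
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The probe is injectable so the evaluation logic can be tested without a network, and the combiner keeps every sub-check's message in the single status line, which is what you want when the page is the first thing an on-call engineer reads. Treating a negative or missing lag reading as UNKNOWN rather than OK is deliberate: a check that reports healthy when its input is broken is how a failing replica stays unnoticed.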

Conclusion

Monitoring is an important component to ensure a successful Identity Management solution and greatly helps to improve the health and stability of any IDM platform. To learn more about our best practices gained from leading hundreds of Identity Management implementations, please contact Kunwar Nitesh, an Associate Director in Aurionpro's India-based IDM delivery center, and a true domain and implementation expert across Oracle's Identity and Access Management solutions.

Wednesday Apr 16, 2014

Management and Provisioning of Mobile Devices - Dave Smith

Today we will explore provisioning and device management. These were not always considered related topics, but in a bring-your-own-device (BYOD) world there are new relationships to consider.

So what is a device? In the context of the Internet of Things it can mean anything with an IP address, such as an automobile or a refrigerator. In the context of mobile security, it means smartphones and tablets. The mobile device is the new channel for accessing corporate content, applications and systems, breaking free from the traditional model of reaching those assets from a desktop or laptop.

From the perspective of enterprise security, "device management" means controlling the device, or better, controlling which corporate assets can be accessed from it. In a BYOD world, employees bring their personal mobile devices into the workplace to access corporate assets more flexibly. BYOD defines not only an architecture but a cultural shift, and frankly an expectation from users that their personal devices will keep providing the experience they are used to from other mobile apps. Device management must therefore be deployed carefully: it has to provide easy, familiar access from employees' devices without sacrificing corporate security by granting limitless access to corporate assets. While device management looks device-centric on the surface, it actually needs to be user-centric.

So what does provisioning mean for mobile devices? Provisioning means managing access. Usually that means managing application accounts (create, update, retrieve, delete) and the privileges or entitlements granted through them. With mobile devices and device management, provisioning must also cover access from the user's device to corporate assets (content, files and shares, applications, services). So provisioning includes both digital access (accounts and entitlements) and physical access (enabling network access to corporate assets). Managing access by group or role (role-based access control, RBAC) is far more scalable and less brittle than managing it user by user.

Provisioning can be triggered by several factors. One is "birthright" access granted on a new-hire event. Another is a request for new access (similar to online shopping, except the cart holds entitlements). With mobile devices, a third is managing the catalog of mobile apps a given person may download to their device, ideally based on their job and role within the company.

Closely related is de-provisioning, the removal of access. Historically this happens when a person leaves the company or changes jobs and no longer needs the access. In a BYOD world, de-provisioning must extend to the mobile apps on the person's enrolled devices. And because mobile devices are more easily lost or stolen, mobile device management requires that access be de-provisioned or blocked from a device as soon as the device itself is compromised.

In the next post we will look at "secure containers", which are provisioned to the device as a key component of a successful BYOD strategy.

Monday Apr 14, 2014

When We Are All A Heartbeat Away From Data-Loss

Unless you have been sleeping under a rock for the last few weeks, one of the biggest items of security news has been a vulnerability that has existed since December 2011. The vulnerability, CVE-2014-0160, is more widely known as the Heartbleed bug, and it is only now making its reputation after researchers discovered its widespread impact on data privacy.

The vulnerability is in OpenSSL, the library many servers use for secure web sessions: specifically in its implementation of the TLS heartbeat extension, in OpenSSL versions 1.0.1 through 1.0.1f (fixed in 1.0.1g). When you go to your favorite banking or web mail site and log in, you see a padlock in the browser. That "closed" padlock means SSL/TLS (Secure Sockets Layer / Transport Layer Security) has secured the connection between your browser and the service so that nobody can intercept or monitor your communications. This matters when filing taxes online, sending private email on Yahoo, or using cloud-based file sharing over a browser connection.

Without diving into the full details of the exploit: the bug lets a remote attacker open a connection to a vulnerable system and pull chunks of up to 64 KB of whatever is in the process memory around the SSL session, as often as they like. The attacker cannot pick and choose files from the system, but what commonly sits in that memory is passwords, session IDs, the server's private key and more. All of this is, of course, very sensitive.
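The shape of the bug, shown on a plain byte buffer rather than a live TLS connection. This is an added example and not part of the original post or of OpenSSL: the heartbeat message layout follows RFC 6520, the length check in the fixed responder mirrors the one added in OpenSSL 1.0.1g, and the "adjacent memory" contents are constructed. It talks to no server; it only demonstrates why trusting a length field the peer supplied, without checking it against the size of the record actually received, reads past the record.

```python
"""The CVE-2014-0160 logic bug, simulated on a plain byte buffer.

Heartbeat message layout (RFC 6520):
    type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
The vulnerable responder trusted payload_length and copied that many bytes
from the request buffer into the reply, never checking that the record it had
received was actually that long. The fixed version discards the message when
the claimed payload cannot fit inside the record.
"""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16


def build_request(payload, claimed_length=None):
    """Encode a heartbeat request; claimed_length lets the sender lie about the payload size."""
    length = len(payload) if claimed_length is None else claimed_length
    return bytes([HB_REQUEST]) + struct.pack("!H", length) + payload + b"\x00" * MIN_PADDING


def _reply(memory, payload_len):
    echoed = memory[3:3 + payload_len]
    return bytes([HB_RESPONSE]) + struct.pack("!H", payload_len) + echoed + b"\x00" * MIN_PADDING


def vulnerable_respond(memory, record_length):
    """Pre-1.0.1g behaviour. record_length is the real size of the received record,
    but it is never consulted: the copy runs past it into whatever follows in memory."""
    hbtype, (payload_len,) = memory[0], struct.unpack("!H", memory[1:3])
    if hbtype != HB_REQUEST:
        return None
    return _reply(memory, payload_len)


def fixed_respond(memory, record_length):
    """1.0.1g behaviour: the record must hold type, length, the claimed payload and
    the minimum padding, otherwise the message is silently discarded."""
    if record_length < 1 + 2 + MIN_PADDING:
        return None
    hbtype, (payload_len,) = memory[0], struct.unpack("!H", memory[1:3])
    if 1 + 2 + payload_len + MIN_PADDING > record_length:
        return None
    if hbtype != HB_REQUEST:
        return None
    return _reply(memory, payload_len)


def leaked(response, record_length):
    """Bytes of the reply that were read from beyond the end of the record."""
    if response is None:
        return b""
    echoed = response[3:len(response) - MIN_PADDING]
    return echoed[max(0, record_length - 3):]


# Constructed "process memory": the received record followed by data that
# happened to sit next to it in the heap (hypothetical contents).
ADJACENT = b"session_id=ab12cd;password=hunter2;"


def simulate(payload, claimed_length=None):
    """Run both responders over the same memory image; return what each leaks."""
    record = build_request(payload, claimed_length)
    memory = record + ADJACENT
    return {
        "vulnerable": leaked(vulnerable_respond(memory, len(record)), len(record)),
        "fixed": leaked(fixed_respond(memory, len(record)), len(record)),
    }


if __name__ == "__main__":
    print("honest request:", simulate(b"hello"))
    print("lying request: ", simulate(b"hello", claimed_length=40))
```

With an honest request both responders echo the five-byte payload and leak nothing. With a request that claims 40 bytes but carries five, the vulnerable responder copies 40 bytes starting at the payload and the last 19 of them come from the neighbouring buffer; the fixed responder compares the claimed length against the record it actually received and drops the message. Note that the check is placed before the type test and the copy, not after: validating the length first is the whole fix.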

The biggest challenge here is that many consumers and corporate users recycle user names and passwords. User names are often email addresses, and passwords are reused across all the web services and properties a person accesses. So if an attacker is lucky enough to collect one password from the online flower shop you just used, chances are the attacker will try that same user ID and password against the mainstream email, financial, retail and service portals associated with you.

The impact of Heartbleed is global, as far-reaching as any bug, affecting hundreds of millions of online user accounts. Many researchers advise waiting a few more days before changing all of your online passwords. Why? Changing a password while the service you connect to is still vulnerable is wasted effort: the new password can be stolen the same way. By the end of this week, most of the online service providers you use should have patched their systems, and browsers, smartphones and tablets that bundle the vulnerable library should be updated. At that point, changing passwords is highly recommended. The best advice: check with your service provider, such as your online bank, for when they give the "all clear" to reset passwords.

So what are the lessons? Whether you belong to a major corporation, a non-profit or a family of three, the advice is the same. As a consumer or corporate user you need a new mindset around your own password policy. Passwords must be unique for each service and account you access, and user IDs should differ too where the service allows it. Passwords must not be personally tied to you: no family names or dates connected to you or your family. Rotating and refreshing them every 30 to 90 days is critical. This is compartmentalizing the risk: if a password is compromised, only that one service, such as the flower shop, is at risk, while your personal banking, your company VPN, your secure email and the rest stay safe because you kept them separate.

In the corporate world this is greatly simplified by Single Sign-On technologies that take dozens of unique account credentials, which would be hard to remember, and place them behind one strong user ID and password the employee can focus on remembering. For consumers, password managers accomplish the same goal, but buyer beware: for every reputable product worthy of storing your most sensitive information there are many others to stay away from, some of them outright malicious and designed to steal information. Choose carefully.

There are numerous online resources for checking whether a website is vulnerable, and many security research articles with additional remediation steps for administrators.

For more information on how Oracle can help address your organization's needs around account provisioning, Single Sign-On and more, visit us at www.oracle.com/identity

Tuesday Dec 31, 2013

MDM + Oracle Fusion in the Cloud - Simeio Solutions

Introduction
In the previous posts in this series we covered Mobile Device Enablement, BYOD, Mobile Device Management (MDM), Mobile Application Containerization and Mobile Identity Management. Those posts focused on the pros and cons and on best practices; in this concluding post we take a detour to look at the cloud and how it relates to the "mobile" landscape.

BYOD, MDM and cloud computing are each becoming an integral part of the IT landscape at a rapid pace. Organizations have invested in infrastructure that lets employees work remotely through technologies like VPN; in the MDM/BYOD age, that stack needs to extend to remote access from mobile devices as well.

Cloud Computing
In the information era, innovative concepts come along and emerge as trends, and not all trends are equal. Cloud computing is one that has not just emerged as a trend but has let technology take a leap forward in scale and usability. As with most technologies there are many benefits to be gained, but the business risks must be evaluated alongside them, and the evaluation should consider not only the short-term benefits but the long-term objectives and goals of the organization's strategy.

What Is Cloud Computing
The term has been defined many times across the industry. What does it actually mean? A few of the definitions:

Wikipedia: “Cloud computing is a phrase used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet”

NIST: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared  pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released  with minimal management effort or service provider interaction”.

Merriam-Webster: “The practice of storing regularly used computer data on multiple servers that can be accessed through the Internet”.

For Dummies : “The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service”.

Before we add more references and confuse you further, let's pause. We cited four sources, and each has its own variation of the definition. Which is the most apt? Do they mean different things? The short answer is that they all describe the same thing: any way you read it, "cloud computing" is a model, a model with certain characteristics.

The essential characteristics of a cloud (NIST lists five) are on-demand self-service, broad network access, resource pooling across multiple platforms, rapid elasticity so that capacity can scale at pace, and measured service so that use is metered.

NIST defines four deployment models for a cloud service: public, private, community and hybrid. Public and private are self-explanatory; a hybrid cloud, as its name says, combines two or more of the others.

BYOD in the Cloud:
BYOD's success is directly proportional to the variety of devices and platforms it introduces to the IT systems. For organizations that embrace BYOD, the key factor in easily onboarding users onto the corporate network is Virtual Private Networking (VPN). Tunneling in over VPN lets users access the files and applications they need for their daily routine regardless of platform, device or location, as long as they are connected.

Cloud connectivity therefore plays an important role in enabling such access across platform- and device-agnostic systems. BYOD needs to be part of a wider, holistic approach to cloud computing.

Now consider the general cloud options. The problem is that you can lose control of the data without losing responsibility for it. You may not even know where it is. At a technical level this might not matter; at a legal and regulatory level it definitely does. Moreover, your only ultimate control over your own data is your contract with the cloud provider, and if the provider fails, a contract is no substitute for your data.

The BYOD concept is evolving very quickly, and the ways in which enterprises have adopted this technology vary considerably. These changes are forcing IT section chiefs to think more intrusively and to acquire tools to control the situation without restricting the end-user experience. Mobile Device Management (MDM) is one such very handy tool, but as the BYOD concept continues to spread, businesses will require many other services integrated with MDM. Two such services are Mobile Device Management (MDM) and Content Management.

MDM in the Cloud:
Cloud-based device management doesn't minimize application or operating system bloat, but what it does do is leverage the Internet's bandwidth for delivery, monitoring and metering. If an organization is geographically dispersed and diverse, cloud-based MDM becomes a necessity rather than a requirement. A smart way to set up a cloud-based MDM solution is to place the organization's asset management system in the cloud and allow the processes to take place via the user's personal bandwidth. It's kind of an extension of BYOD, but in this case it's BYOB, where the "B" is bandwidth.

By using an employee's personal bandwidth for that "last mile" leg of the delivery process, the corporate network's bandwidth, even on a segregated network, remains available for monitoring, operating system delivery, server patching, administration, and other required maintenance activities.

Cloud-based MDM will be most effective with user devices, which will always outnumber data center ones. User devices burn up the bandwidth due to the sheer number of them.

When we refer to MDM in the cloud, a key issue that comes to mind is “security”. Arguably the greatest challenge faced by organizations embracing BYOD is that of security: ensuring that personal devices aren't compromised in themselves and don't pose a security threat to the rest of the network. Allowing BYOD introduces many more vulnerabilities at various points in the network, and so there are many ways in which these risks can and need to be addressed.

The first step is to reduce the risk of the personal device being compromised in the first place. This is particularly pertinent where employees are bringing their own device in to connect to the business's LAN. To achieve this, some organizations have conditions of use which require that the user's device has specific anti-virus and management software installed before it can be allowed onto the network. However, the risks can also be reduced by ensuring that personal devices are only allowed to connect to the local network via a VPN rather than a direct connection, even when the user is on site.

Using a VPN is a must for users in remote locations, as the secure tunnel of a VPN prevents information from being intercepted in transit. It can be tempting for employees working off-site (or even on site) on personal devices to email documents, for example, backwards and forwards, but the security of such communications can never be guaranteed.

What's more, that approach requires that at least some work data is stored locally on the personal device - a cardinal sin in terms of data protection. Again, both VPNs and cloud solutions can negate the need to store local data. Using a VPN will allow the worker to operate on the local network, accessing, working on and storing everything they need there rather than on their own device. Secure cloud services, on the other hand, can be used to provide collaborative workspaces where users perform all their work in the cloud so that colleagues, wherever they are, can access it. However, care should be taken to check the security measures used by cloud providers before signing up to such services, and the user must also ensure that someone who misappropriates a device can't then easily access their cloud account (through lack of device security, stored passwords, etc.).
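The three controls described above (required anti-virus and management software before admission, VPN-only access even on site, and basic device hygiene such as a screen lock so a misappropriated device does not hand over stored credentials) are the kind of posture check a VPN gateway or network access control system evaluates before admitting a personal device. The following is an added example written for this post, not Oracle's, Infosys's or Simeio's code, and not any product's API: the attribute names, the policy thresholds and the four sample device records are all constructed for illustration. It fails closed, so a device that cannot prove a control is denied with the list of reasons an administrator would want in the log.

```python
"""Device posture check for BYOD onboarding (constructed example).

A device is admitted only when every control passes; each failing control
is recorded so the denial can be explained to the user and logged.
Attribute names, thresholds and sample records are hypothetical.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class DevicePosture:
    device_id: str
    user: str
    mdm_enrolled: bool            # management software present and reporting
    av_installed: bool            # required anti-virus present
    av_signature_date: Optional[date]  # None when the AV reports no signature set
    os_version: Tuple[int, int]   # (major, minor)
    platform: str                 # "ios", "android" or "windows"
    jailbroken: bool              # rooted/jailbroken devices cannot be trusted
    screen_lock: bool             # protects stored credentials if the device is lost
    connection: str               # how the device reached us: "vpn" or "lan"


@dataclass
class Policy:
    max_signature_age_days: int = 7
    min_os_version: Dict[str, Tuple[int, int]] = field(
        default_factory=lambda: {"ios": (7, 0), "android": (4, 4), "windows": (6, 1)}
    )
    allowed_connection: str = "vpn"   # personal devices get VPN only, even on site


@dataclass
class Decision:
    allowed: bool
    reasons: List[str]


def evaluate(device: DevicePosture, policy: Policy, today: date) -> Decision:
    """Return an allow/deny decision and every control that failed."""
    reasons: List[str] = []
    # Fail closed: an unmanaged device cannot be trusted to report anything else accurately.
    if not device.mdm_enrolled:
        reasons.append("device not enrolled in MDM")
    if not device.av_installed:
        reasons.append("anti-virus not installed")
    elif device.av_signature_date is None:
        reasons.append("anti-virus reports no signature set")
    elif today - device.av_signature_date > timedelta(days=policy.max_signature_age_days):
        reasons.append("anti-virus signatures older than %d days" % policy.max_signature_age_days)
    minimum = policy.min_os_version.get(device.platform)
    if minimum is None:
        reasons.append("unsupported platform: %s" % device.platform)
    elif device.os_version < minimum:   # tuple comparison handles (4, 1) < (4, 4)
        reasons.append("OS version %d.%d below minimum %d.%d" % (device.os_version + minimum))
    if device.jailbroken:
        reasons.append("device is jailbroken or rooted")
    if not device.screen_lock:
        reasons.append("no screen lock configured")
    if device.connection != policy.allowed_connection:
        reasons.append("connected via %s; only %s is permitted, even on site"
                       % (device.connection, policy.allowed_connection))
    return Decision(allowed=not reasons, reasons=reasons)


def evaluate_all(devices: List[DevicePosture], policy: Policy, today: date) -> Dict[str, Decision]:
    return {d.device_id: evaluate(d, policy, today) for d in devices}


# Constructed sample data: a reference date and four devices in varying states.
TODAY = date(2014, 11, 5)
SAMPLE_DEVICES = [
    DevicePosture("ipad-0001", "alice", True, True, date(2014, 11, 3), (8, 1), "ios", False, True, "vpn"),
    DevicePosture("droid-0002", "bob", True, True, date(2014, 9, 1), (4, 4), "android", False, True, "vpn"),
    DevicePosture("laptop-0003", "carol", False, True, date(2014, 11, 4), (6, 3), "windows", False, True, "lan"),
    DevicePosture("phone-0004", "dave", True, False, None, (4, 1), "android", True, False, "vpn"),
]


def check_sample_devices() -> Dict[str, Decision]:
    return evaluate_all(SAMPLE_DEVICES, Policy(), TODAY)


if __name__ == "__main__":
    for device_id, decision in check_sample_devices().items():
        verdict = "ALLOW" if decision.allowed else "DENY"
        print("%s %s %s" % (verdict, device_id, "; ".join(decision.reasons)))
```

Only alice's iPad is admitted; bob is refused for stale signatures, carol for connecting by a LAN port without management software, and dave's rooted, unprotected phone fails four controls at once. In a real deployment the posture attributes would come from the MDM agent or the VPN client's host check rather than from hand-built records, but the decision logic, and the habit of denying on any missing evidence, stays the same.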

Since MDM itself is a relatively new concept, there is disparity of opinion regarding the implementation of a cloud-based system. While most organizations prefer a cloud-based solution, others are not willing to let go of a very recent transition made from traditional networks to MDM. Some, however, have opted for a hybrid solution where data processing is done on servers. A purely cloud-based solution, however, is more beneficial to the requirements of companies, especially if they're on a small scale:

  1. Setup Time: The setup time for a cloud-based system is very short. This is because the data is ultimately in a cloud, and a system which gives access to multiple devices can easily be created.
  2. Setup Cost: Budget constraints are a common problem for small companies. BYOD automatically removes the strain of providing devices to employees, whereas cloud systems enable mobile device management without the need to spend money on technical equipment such as server machines, cables, power outlets and switches.
  3. Maintenance: Regular maintenance of the server will be unnecessary. If the software has the latest updates and is working properly, chances are the server is providing optimal performance as well.
  4. Costs: One of the most appealing features of MDM is the low initial cost of setup. What is overlooked, however, is that the running or operating costs of cloud systems are reasonable as well. Payment is simply on a usage basis, according to the number of devices connected to the cloud system.
  5. Ease of Access: The cloud may be accessed from any location, which means that workers in remote locations will be able to work from home or elsewhere.

Oracle Fusion Middleware:

Cloud computing may appear to be spreading like wildfire with both enterprise and personal users jumping at the chance to take advantage of the cost effectiveness, scalability and flexibility that it offers. However, there is a strong debate amongst industry experts, and beyond, as to whether this uptake, however rapid, has been severely tempered by a lack of trust and understanding around cloud services from prospective clients.

Many propose that, as has been the case in many markets that have preceded cloud computing, the answer to client wariness is standardization with the aim of delivering transparencies. In other words, create a market where a client can shop between multiple providers and judge their security levels, data handling, performance and service stability on comparable metrics.

Oracle Fusion Middleware does just that. It is based on standards and enables organizations to standardize their platform offerings.

Oracle Fusion middleware enables you to secure mobile (native and Web) applications with Oracle Access Management. This includes authenticating users with existing credentials; enabling two-factor authentication; and using mobile authentication to enable secure Web services and REST APIs, REST-to-SOAP transformation, and identity propagation.

The latest release of Oracle WebCenter Sites, version 11.1.1.8, provides an integrated mobile Web solution that enables business users to author, edit, and preview content for different groups of mobile devices, all from within the same interface that is used to manage their main website. Oracle WebCenter Framework is an Oracle JDeveloper design-time extension that breaks down the boundaries between Web-based portals and enterprise applications. It also provides the runtime portal and Web 2.0 framework on which all Oracle WebCenter technology runs.

The Best of Breed
With Oracle Fusion Middleware, you gain access to best-of-breed technology platforms and tools. They not only let your organization's BYOD program sprint forward, but also enhance the service delivery model: the same core tools and technology that power your BYOD and MDM strategy can be leveraged as the platform for your enterprise-wide security strategy.

If you’d like to talk more, you can find us at simeiosolutions.com

Friday Sep 07, 2012

Mark Wilcox Discusses Privileged Account Management


The new release of Oracle Identity Management 11g R2 includes the capability to manage privileged accounts. Privileged accounts, if compromised, create a risk for fraud in the enterprise and as a result controlling access to privileged accounts is critical. The Oracle Privileged Account Manager solution can be deployed stand alone or in conjunction with the Oracle Governance Suite for a comprehensive solution.

As part of the comprehensive platform, Privileged Account Manager is interoperable with the Identity suite. In addition, Privileged Account Manager can re-use Oracle Identity Manager connectors for propagating changes to target systems. The two are interoperable at the data level. I caught up with Mark Wilcox, Principal Product Manager of Oracle Privileged Account Manager, and discussed with him the capabilities of the offering in this podcast. Click here to listen.

Thursday Jul 26, 2012

Durable UI Configuration Framework

With Oracle Identity Management 11gR2, Oracle is now delivering a Durable UI Configuration Framework as part of its Identity Governance solution stack. This is a browser based UI customization framework which offers two new powerful capabilities to dramatically simplify UI customization.

  • Sandboxing: Customers can make custom UI changes within a sandbox so that it doesn’t impact their production environment. They can stage and test their changes without affecting production users.
  • Declarative model for customization: UI customizations are encapsulated in a metadata format, so customers can implement changes without any coding whatsoever. As customers upgrade, they do not have to worry about major upgrades breaking customizations already in place, which could otherwise result in re-investing in or redoing expensive customization projects. This completely eliminates the ongoing cost of maintenance.

This offers several compelling benefits to organizations:

  • Ease of Customization: The Durable UI Config Framework makes it extremely easy to customize the user interface. Things like changing the solution branding become extremely simple - as simple as a user clicking on the logo to change it. Users can select any HTML element, such as a header, an image, a form field or a navigation item, and customize it inline within the page without the hassle of writing any custom code.

  • Eliminates Custom UI Development Costs: This eliminates the costs and complexity of customization projects. Customers do not have to spend thousands of dollars on writing custom code. Even for advanced customization tasks, customers can edit the standard JSF within the page without having to go through a development program to customize.

  • Simplifies Lifecycle Management for Custom UI: This drastically simplifies the lifecycle management problem. With the Durable UI Config Framework the customizations survive patches and upgrades, so customers do not have to worry about rewriting, re-testing and redeploying complex customizations.

  • Tighter Integration between Governance Solutions and Portal Strategies: Finally, we offer tight integration between governance solutions and customer portals. For instance, home page regions can be exposed as portlets that can be embedded in any portal (a lot of customers embed the password reset region in a corporate self-service portal rather than the IDM self-service portal). Similarly, portlets developed elsewhere can be integrated into the User Provisioning and Self Service UI.

For more information about Oracle Identity Governance products, visit our website at http://www.oracle.com/us/products/middleware/identity-management/governance/overview/index.html

Monday May 21, 2012

CSO Roundtable Amsterdam

This lunch event gives senior security executives across different industries an opportunity to hear Oracle’s formula for cyber-security and to hear from Chris Gavin, Vice President Information Security, Oracle Corporation as he shares more insights into:

  • Oracle’s information security best practices
  • Information security in a “bring your own device” to work culture
  • Securing cloud, mobile and social access
  • Security as a business enabler
  • Responding to cyber-security threats

An organization’s brand and reputation is built up through the years but can also be severely damaged or even destroyed by a single security incident. The media coverage around these information security breaches underscores just how devastating these failures can be to an organization’s reputation. Reach out to your sales rep if you would like to attend.

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
