Wednesday Oct 01, 2014

Thursday October 2nd: Identity Management at Oracle OpenWorld '14

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Thursday, October 2nd, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


Conference Sessions


Managing Telenet’s Identities in Practice
Bart Cools, Partner, Cronos NV
Mark Van Tiggel, Team Manager ERP, Telenet NV
9:30 AM - 10:15 AM Moscone West - 3020 CON3995

There and Back Again: Journey to a Successful Deployment
Alex Bolante, Managing Director, Accenture
Viresh Garg, Director, PwC
Andrew Morrison, Partner / Principal, Deloitte & Touche LLP
Aaron Perry, President, Aptec LLC
Matthew Berzinski, Principle Product Manager, Oracle
12:00 PM - 12:45 PM Moscone West - 3020 CON8025

Self-Service Access Control: Help Yourself to More Productivity
Patrick Landry, IT Technical Director, USAA
David Mathias, Information Security Manager - Product Management, US Bank
Atul Goyal, Product Manager, Oracle
Volker Scheuber, Principal Sales Engineer, Oracle
1:15 PM - 2:00 PM Moscone West - 3018 CON8007

Architecting a Complete Access Solution for the Cloud Economy
Bernard Diwakar, Security & IAM Architect, Intuit
Marc Chanliau, Director, Product Management, Oracle
1:15 PM - 2:00 PM Moscone West - 3020 CON7975

Shake, Rattle, and Roll: Managing Large-Scale Identity Management Deployments
Gebhard Herget, Architect, Bundesagentur für Arbeit
Perren Walker, Senior Principal Product Manager, Oracle
2:30 PM - 3:15 PM Moscone West - 3020 CON8045


To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Tuesday Sep 30, 2014

Wednesday October 1st: Identity Management at Oracle OpenWorld 2014

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Wednesday, October 1st, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


Conference Sessions


Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk
Angelo Cascio, SVP, Head of Identity and Access Management, Jefferies
Rich Flees, Staff Manager IT, Qualcomm, inc
Bob Jamieson Jamieson, Information Security Director, UL LLC
Neil Gandhi, Principal Product Manager, Oracle
10:15 AM - 11:00 AM Moscone West - 3020 CON7991

Modern Identity Management: Upgrading to Meet Requirements of the Digital Economy
Sherry Gray, Identity & Access Functional Analyst, ICBC
Judy Hatchett, Best Buy
Stacy Knoup, Asst Dir-IT, Principal Financial Group
Matthew Berzinski, Principle Product Manager, Oracle
11:30 AM - 12:15 PM Moscone West - 3020 CON8023

Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture
Dawn Johnson, Director, IDM, First National of Omaha
RAKESH Meena, Security Architect, Aurionpro Solutions, Inc.
Kanishk Mahajan, Principal Product Manager, Oracle
12:45 PM - 1:30 PM Moscone West - 3020 CON7994

Beyond Brute Force: Strategies for Securely Leveraging Mobile Devices
Bob Beach, Security Technologies Strategist, Chevron Information Technology
Rajesh Pakkath, Senior Principal Product Manager, Oracle
Andy Smith, Sr Dir of Product Management, Oracle
3:30 PM - 4:15 PM Moscone West - 3020 CON7973

Trust but Verify: Best Practices for Monitoring Privileged Users
Chirag Andani, VP, Identity Access Management PDIT, Oracle
Olaf Stullich, Principal Product Manager, Oracle
Arun Theebaprakasam, PMTS, Oracle
4:45 PM - 5:30 PM Moscone West - 3020 CON8005

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.


Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Monday Sep 29, 2014

Tuesday: Identity Management at Oracle OpenWorld '14

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Tuesday, September 30th, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


Conference Sessions


Securing the New Perimeter: Strategies for Mobile Application Security
Josh Bregman, VP Solutions, Aurionpro Solutions, Inc
Thai Thai, Infrastructure Solution Architect, Safeway Inc
Andy Smith, Sr Dir of Product Management, Oracle
10:45 AM - 11:30 AM Moscone West - 3020 CON7993

Identity as a Service: Extend Enterprise Controls and Identity to the Cloud
Sanjeev Topiwala, Group Manager, Intuit
Roger Wigenstam, Sr. Director, Product Management, Oracle Identity & Access Management, Oracle
3:45 PM - 4:30 PM Moscone West - 3020 CON8040

The Age of Megavolume: Oracle’s Next-Generation Directory and Future Strategy
Rafik Alsawalhy, Manager, City of Los Angeles
Jerome Cartagena, Staff IT Engineer, Qualcomm, Inc.
Etienne Remillon, Senior Principal Product Manager, Oracle
5:00 PM - 5:45 PM Moscone West - 3018 CON8043

Identity Services in the New GM
Andrew Cameron, Enterprise Architect, Identity Management, GENERAL MOTORS
Susie Godfrey, Directory & Platform Services Manager, GM
5:00 PM - 5:45 PM Moscone West - 3020 CON2007


To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Sunday Sep 28, 2014

Monday: Identity Management at Oracle OpenWorld 2014


Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Monday, September 29th, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


MONDAY, SEP 29, 2014

General Sessions


General Session: The Cloud Platform for Digital Business—Presented by Thomas Kurian
Steve Holland, Chief Technology & Digital Officer, 7-Eleven, Inc.
Thomas Kurian, EVP, Oracle
1:15 PM - 2:15 PM Marriott Marquis - Salon 7/8/9 GEN8589

Conference Sessions


Ready for the Digital Economy? Oracle’s Vision of How Identity Helps
Sanjeev Topiwala, Group Manager, Intuit
colin anderson, VP-IT & CISO, safeway
Amit Jasuja, Senior Vice President, Oracle
10:15 AM - 11:00 AM Moscone West - 3020 CON7989

Identity Governance Across the Extended Enterprise
Dominic Fedronic, Senior Business Leader, VISA
Chris Guttridge, IS Architect, AAA - The Auto Club Group
Bernhard Hübl, Teamleader Middleware, SPAR AG
Jim Taylor, Snr. Director of Product Management, Oracle
11:45 AM - 12:30 PM Moscone West - 3020 CON7968

Access Without Fear: Delivering an Optimal Multichannel User Experience
Thai Thai, Infrastructure Solution Architect, Safeway Inc
Paul Van Nieuwenhuyze, Service Manager, GDF Suez
Jie Yin, Senior Director, Product Management, Oracle
2:45 PM - 3:30 PM Moscone West - 3020 CON7995

Oracle Management Pack Plus for Identity Management Best Practices and Lessons Learned
Byron Amstutz, Executive Principle, Technical Architecture, Accenture-CalHEERS
Andrew Cameron, Enterprise Architect, Identity Management, GENERAL MOTORS
Perren Walker, Senior Principal Product Manager, Oracle
4:00 PM - 4:45 PM Moscone South - 200 CON8212

Securing Oracle Applications and the Extended Enterprise with Identity Management
Naynesh Patel, Sr. Partner, SIMEIO SOLUTIONS
Vaidyanathan Sree, Senior Director Business Application, Sony Computer Entertainment Amercia
Matthew Berzinski, Principle Product Manager, Oracle
5:15 PM - 6:00 PM Moscone West - 3018 CON8874

Architecting Appiications with Intelligent Authentication and Authorization
Ranjan Jain, Enterprise IT Architect, Cisco Systems Inc
Roger Westman, Prin IA Engineer, MITRE Corporation
Svetlana Kolomeyskaya, Group Product Manager, Oracle
5:15 PM - 6:00 PM Moscone West - 3020 CON7978


To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.


Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Friday Sep 26, 2014

Oracle Identity Management: Customers, Partners & OpenWorld 2014

Join Oracle, our partners and customers at Oracle OpenWorld 2014 as we relate experiences with and demonstrate how Oracle's Identity Management solutions increase security and allow companies to homogenize and defragment identity information and services, which can result in faster deployment times, faster upgrades, and lower cost of ownership by providing consistent access controls and an optimized user experience across the extended enterprise. To help organizations offer more digital services, Oracle Identity Management provides the foundation to connect to the internet value chain and economies of scale to manage users across all channels of interaction including cloud, mobile, and social.

Listen in customer led sessions and hear about real world implementations of Oracle Identity Management solutions across multiple markets in these and more sessions with Oracle partners and customers.

Session
Partner/Customer
Ready for the Digital Economy? Oracle’s Vision of How Identity Helps
Intuit, Safeway
Identity as a Service:
Extend Enterprise Controls and Identity to the Cloud
Intuit
Securing the New Perimeter: Strategies for Mobile Application Security
AurionPro
Customer Success Stories:
How to Eliminate the Blind Spots in Enterprise Risk
Qualcomm, UL, Jeffries
Identity Governance Across the Extended Enterprise
Visa, SPAR, Dewpoint Inc.
The Age of Megavolume:
Oracle’s Next-Generation Directory and Future Strategy
Qualcomm, City of Los Angeles
There and Back Again: Journey to a Successful Deployment
Deloitte & Touche LLP, Aptec LLC
Securing Oracle Applications and the Extended Enterprise with IdM
Simeio Solutions, Sony Computer Entertainment Amercia

Learn from the expert as they demonstrate the Identity Management solutions that can help reduce complexity and risk while lowering costs and providing improved user experiences. See all the Identity Management demos at OOW14 here.

Demo
Location
Identity Management for the Cloud
Moscone South, Left - SLM-123
Identity Management Monitoring with Enterprise Manager 12c
Moscone South, Left - SLM-141
Oracle Mobile Security Suite: Secure Enterprise Applications
Moscone South, Left - SLM-136
Oracle Mobile Security Suite: Enable Secure Access to B2C Applications
Moscone South, Left - SLM-134
Access Management: Complete, Intelligent, and Scalable
Moscone South, Left - SLM-121
Access Management: External Fine-Grained Authorization
Moscone South, Left - SLM-122
Identity Governance: Increased Productivity with Business-Friendly Self-Service
Moscone South, Left - SLM-143

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos. The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Management blog. We hope to see you there!

Tuesday Sep 23, 2014

Pre-Registration Now Open for eBook: Oracle Mobile Security Primer

Today, just as organizations are starting   to understand the first wave of the mobile revolution, there are now numerous demands being placed on IT to support the second wave as new generation devices and applications are coming online to take advantage of these new capabilities in today’s corporate environment.

Pre-Registration has just opened for the new eBook: Oracle Mobile Security Primer which provides a deeper understanding of not only the fundamentals, but also the complex issues related to mobile security in today’s corporate mobility environment. If you maintain the role of a mobility planner, security architect, CISO, security director, IT director, operations manager or just simply want to stay up on the latest trends around mobile security, then pre-register for this new eBook: Oracle Mobile Security Primer.

Some of the areas covered in this eBook:

  • A look at the changing mobile and business requirements
  • Deep dive in the technologies used to secure the mobile platform today
  • Containerization and application management
  • The role Identity Management plays on the mobile device
  • The broader view of securing the mobile stack

Registration will allow Oracle to provide notification to you upon its availability in both eBook and printed form by McGraw-Hill.

www.mhprofessional.com/mobsec

Friday Sep 19, 2014

Are you ready to take on the Digital Economy securely?

As organizations consume an increasing number of cloud services and applications, identity management becomes fragmented. Organizations have inconsistent access policies and lose visibility into who has access to what. To avoid these risks and costs, they are increasingly adopting a strategy of extending enterprise identity services to the cloud.

Join Amit Jasuja, Senior Vice President, Identity Management and Security, Oracle, and representatives from Intuit and Safeway at Oracle OpenWorld 2014 as they explore how customers are using Oracle Identity Management to deliver a unified identity management solution that provides users with access to all their data from any device while giving administrators an intelligent, centralized view into user access rights. See more detail here and don't forget to register for this session [CON7989] taking place at OOW14 on Monday, Sep 29, 10:15 AM - 11:00 AM PT.

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.


Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Wednesday Aug 27, 2014

A Journey from Customization to Standardization - Umer Aziz

It was a cold evening back in fall 2010 when a succinct but impressive cake cutting ceremony was held at Oslo’s massive indoor stadium, Telenor Arena. The ceremony progressed with some speeches and presentations, leading to a delicious cake and refreshments.  The gathering also comprised of brilliant IT Security and Identity & Access Management professionals, who were accompanied by personnel from other IT disciplines. Most of the audience showed great enthusiasm and pitched very interesting questions which were responded with great passion and confidence by those energetic professionals.

It was the launching ceremony of an application that received OracleFusion Middleware Innovation award at Oracle Open World, in the same year. The application was built on the concept of ‘Identity as a service’ for group companies and proved to be a great addition in application portfolio of our Shared Services organization.

Customized GUI over top of Oracle Identity Manager
The application was built as a customized layer upon Oracle Identity Manager 10g and offered user friendly Certification audits and Access Request Management, powered by a multi-tenant architecture. The features were a bit early of their time in IdM world and were key reasons to build customized layer over top of standard solution of Oracle. Though it was not the first time that we built customized application using APIs of standard identity manager, we had already done that in the form of “user creation management GUI” on top of Oracle Identity Manager 9i.

Shortcomings of Customized solution
Though customization results a product according to customer’s desire and fulfills requirements more precisely, but we shall have to believe that technology has somewhat matured recently and companies are offering off-the shelf solutions, better than the traditional tailored products.

Following are the major shortcomings of Customized solution that were faced.

  • A tailored solution is always more expensive than using an off-the shelf product. The logic is simple – customized product are made for a single customer and consequently all development expenses are borne by one entity.
  • Upgrade to newer version is always a big challenge when using a customized solution, but it becomes even bigger when customization is heavily dependent upon the application interfaces (APIs and WebServices). I still remember the mayhem while upgrading from OIM 10g to OIM 11gR1 :)
  • Maintenance and development of a customized solution (application) requires considerable time and resources as compared to the standard solution. A dedicated team of programming geeks is a must, for successfully running a tailored solution. Another relevant challenge is training and coaching of newly hired resources. Every time a new resource is hired to fulfill a vacant position, a hands-on training will be required for him to understand the architecture and approach used for customization.
  • The product support community does not offer any support for a customized product, so if you get a bug or challenge in your customized solution, you will be the only one to resolve that.
  • It is admitted by many of the solution providers, that customization has resulted in slow performance of their application instances. Allowed customization approaches use standard APIs or related interfaces to interact with core application, which have always been considered performance degraders due to the formalities of applications towards external interfaces. This challenge is not only true for Identity Management but similar feedback has been reported by experts of other products i.e. Oracle E-business suite and Oracle SOA suite.


Oracle’s Beta testing program
The Beta Testing Program is a joint venture featuring Oracle and its customers. This initiative provides a structured approach to include users of Oracle applications from selective organizations in the Beta Testing Programs. The overall goal is to allow selected users to perform in depth testing and analysis of Oracle's new products and releases in order to help Oracle deliver better products to market. As a beta testing participant, testers perform in-depth testing of the next generation of Oracle products. This also helps to build personal knowledge base, become an industry recognized technology leader, and help influence Oracle's future product direction.

Our organization, as a Shared Services Solution Provider of Identity and Access Management, was also involved in the beta testing for patch set 2 (PS2) of Identity and Access Management suite 11gR2. The focus area from our side was limited to Identity Governance – more specifically, features of Multi-Tenancy and Access Request Management.

Decommissioning of Tailored layer and rollout of Off-The-Shelf Solution
It's a common misunderstanding that boundaries limit creativity. It may sounds unreasonable, but boundaries can actually boost creativity. Instead, we need to impose boundaries by tightening our processes and one way to achieve this effectively is with Off-The-Shelf solutions.

As involvement in beta testing program resulted in the confidence on much awaited functionalities, last week we have decided to decommission the customized layer by moving functionalities in OIM 11gR2 PS2. The work has actually been started and intention is to complete before summer vocation of 2014. We're crossing our fingers and hoping that the rollout of Off-The-Shelf solution stays fine.

Umer Aziz is an ITIL Specialist Change Manager with Telenor Global Shared Services and has an extensive consulting background in Identity and Access Management in real world deployments. 

Thursday Jul 31, 2014

Identity Management at Oracle OpenWorld 2014


Are you registered for Oracle OpenWorld 2014 to be held in San Francisco from September 28th to October 2nd? Visit the Oracle OpenWorld 2014 site today for registration and more information. We have highlighted some of the most talked about sessions that attendees will be trying to get in to see this year.  For the latest information on sessions (such as schedule changes to dates, times, venue locations) please continue to check back at the links below.

Business Transformation Case Studies in Identity Consolidation (CON7989) - This session will explore how customers are using Oracle Identity Management to deliver a unified identity management solution that gives users access to all their data from any device while providing an intelligent centralized view into user access rights. See how Oracle Identity management can securely accelerate your adoption of cloud services in the new digital economy.

Identity Governance Across the Extended Enterprise (CON7968) - In this session, see how Oracle's Identity Governance solution reduces risks and costs, while providing fast access to new services through an intuitive user self-service solution to thrive into today's economy.

Securing The New Perimeter: Strategies for Mobile Application Security (CON7993) - In this session, we will cover how enterprise mobility and the Internet of Things are both new IT endpoints that require melding device and user identities for security.

Access without Fear:Delivering an Optimale Multi-Channel user experience (CON7995) - In this session, we will review the role of the Oracle Access Management Platform and how it delivers an optimal user experience while guaranteeing the security of all access events.

Identity as a Service - Extend Enterprise Controls and Identity to the Cloud (CON8040) - In this session, we will cover how the Oracle Cloud Identity Service extends enterprise controls to the cloud, automating SaaS account provisioning, enabling single sign-on and providing detailed activity reports for today's customers.

Check back often, for a complete listing of all sessions available at Oracle OpenWorld 2014.

Identity Management executives and experts will also be at hand for discussions and follow ups. And don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Follow the conversation on Oracle OpenWorld 2014 on Twitter with #OOW14 and as always, engage with us @oracleidm.

We recommend the use of the Schedule Builder tool to plan your visit to the conference and for pre-enrollment in sessions of your interest. You can search identity management sessions using the term “identity management” in the Content Catalog. We hope to see you there!

Wednesday Jul 30, 2014

Exploring the OIM API Wrapper (Part 2 of 2)

This is part 2 of a 2 part series. In part 1, we discussed developing these web service wrappers and handling security for both the OIM credentials and web service endpoints. In part 2, we'll demonstrate how to invoke these web services from your BPEL Approval Workflow (and even how to store your web service user credentials in the CSF).

We wanted to pass along a suggestion to use Fault Policies around your web service calls to retry the operation in the event of network issues. We won't cover the use of Fault Policies in this series of posts, but may discuss it in a future post. For more information about Fault Handling in BPEL specifically, check out this document from Oracle Documents Online

Invoking the Web Service
Now that you have deployed your web service and protected it with an OWSM policy, you will need to configure your BPEL Approval workflow to invoke the web service. This is actually quite simple and JDeveloper does most of the work for you.

To start, we will assume you already have created a workflow (if not, see Oracle's How-To document for more information).

Once you have a new workflow, you must create a new partner link. To do this, open the bpel file for your workflow (such as ApprovalProcess.bpel) and drag the Partner Link activity from the Component Palette onto the Partner Links swim lane section of your workflow screen.

The Create Partner Link window will appear. Here you will specify the name of the Partner Link, as well as the WSDL URL. After typing in the WSDL URL, click the Parse WSDL button. You will see a prompt notifying you that there are no Partner Link Types defined in the current WSDL. Click Yes. This prompt may appear twice, so click Yes both times. You will see the Partner Link Type field has been populated. Finally, under Partner Role, choose the role listed and then click OK. You will see the new Partner Link appear in the Partner Links swim lane.



Now that you have a Partner Link defined, you must define an Invoke activity by dragging and dropping it from the Component Palette into the main swim lane. Double click the new Invoke activity and the properties window will appear.

Type in a name for the Invoke activity, and then choose a Partner Link using the Partner Link Chooser (select the one you just created). You will see a list of operations to choose from. In our case, we’ll select Disable User.

For Input and Output variables, you will have to create these by clicking the + icon, starting with the Input variable. When the Create Variable dialog box appears, click OK to accept the defaults.  Repeat this process to create the Output variable.



Finally, click OK to close the Invoke properties box. You will see a line connecting the Invoke activity you just created to the Partner Link you created previously. Make sure you save the bpel file in JDeveloper.


Now that you have defined an Invoke activity for the new Partner Link, you must use the Assign activity to assign the proper input values to the Input variable you created in the previous step. Drag and drop an Assign activity from the Component Palette onto the BPEL workflow. As with any other BPEL assignment, simply choose the source value on the left side of the Copy Rules screen, and drag to a corresponding variable element on the right side, then click OK.



Repeat this process for the Output variable, if necessary. You have now successfully configured your BPEL workflow to invoke the custom web service. In the next section, we will cover how to pass credentials to the web service using the OWSM Client Policy.

Configure OWSM Client Policy
Previously we protected the Web Service endpoint with an OWSM Policy that required a username and password be provided along with the SOAP request, so we will have to configure our Partner Link to provide these credentials when the service is invoked. This is actually quite easy in JDeveloper. You could also this do in Enterprise Manager at runtime, but it will not persist if you redeploy the BPEL Approval workflow.

In your BPEL Workflow project, open the composite.xml file. On the right under the External Service swim lane, right click on your Partner Link and click Configure WS Policies. Beside Security, click the + sign to add a Security policy.





Choose oracle/wss_username_token_client_policy and click OK. Back on the Configure SOA WS Policies screen, select the policy under Security and click the pencil icon to edit the policy settings. For the csf-key row, you can specify a csf key name under Override Value or use the default value (basic.credentials). Here you must use a CSF key that has been defined in the oracle.wsm.security CSF map. This is very important – only keys defined in oracle.wsm.security will work. In our case, we defined a custom key called owsmUserCred that contains a valid username and password. At runtime, Weblogic will retrieve this CSF credential and use it to authenticate.



Click OK, and then click OK again to close the Configure SOA WS Policies window. Save the composite.xml file, then deploy your web service to the SOA server and associate it to an OIM Approval Policy as needed.

You now have successfully configured your BPEL Approval workflow to use the custom Web Service and to pass the credentials necessary to satisfy the OWSM policy assigned to the endpoint.

Justin Hinerman is an Identity and Access Management Engineer with IDMWORKS.  As a key Oracle Partner, IDMWORKS takes a focused approach to the implementation of a Service Oriented Architecture and Identity Management-based solutions.

Thursday Jul 17, 2014

Exploring the OIM API Wrapper (Part 1 of 2) - IDMWORKS

The need for custom OIM API operations within BPEL approval workflows happens more often than one might think. While there exists a capability to embed Java code within a BPEL workflow (with the Java Embedding activity), this is far from ideal, as anyone who has tried this will understand. In fact, the Java Embedding activity is designed to provide easy access to some basic utility code, not hundreds of lines worth of functionality. Therefore, we recommend that clients deploy custom Web Service wrappers for the OIM API calls.

This is part 1 of a 2 part series. In part 1, we will discuss developing these web service wrappers and handling security for both the OIM credentials and web service endpoints. In part 2, we'll demonstrate how to invoke these web services from your BPEL Approval Workflow (and even how to store your web service user credentials in the CSF).

Development

We’re not going to dig deep into the detail of developing these web services, mostly because it is outside the scope of this post, and there are several other fine resources out there that can walk you through creating JAX-WS web services. Refer to Oracle's documentation at the Oracle JDeveloper Tutorial page for more information.

At a high level, you can create a dynamic web project in Eclipse, and then create your classes and methods however you want. For every class that contains a web service, it must be annotated with @WebService, and every method you want to expose as an operation must be annotated with @WebMethod. Note there are some limitations on input and return parameters with web services created in this way, notably collections. For example, if you wish to return a HashMap<String, String> from a web service, you can’t do it. But if you wrap the HashMap in a wrapper class, it will work fine.

For example:

public class Response() {

public HashMap<String, String> items;

HashMap<String, String> getResponse() {};

public void setResponse(HashMap<String, String> items) {};

}

@WebMethod

public Response webOperation(String input) { … }

OIM Authentication

When invoking the API calls to OIM, you will need to authenticate with a user who has certain Administrative rights within OIM, such as xelsysadm. Creating a new OIMClient instance requires the username, password, and OIM t3 URL. In this case, the Credential Store Framework is perfectly suited to store these credentials. In our case, we store the OIM credentials using a Password key type in CSF, and the OIM t3 URL using a Generic key type.



Once the credentials were in place in the CSF, we simply invoked the CSF API (reference documentation) to retrieve the credentials. Note that the OOTB JPS policy should allow access to a key stored in the OIM map by default if your application is deployed on the Weblogic server and your classpath contains the jps-api.jar file located in the $MW_HOME/oracle_common/modules/oracle.jps_11.1.1/ directory. Otherwise, you will have to define an explicit policy (in Enterprise Manager, the System Policies screen).

Configure Web Service Policy In Owsm

Obviously exposing web service without any authentication that could create and modify users, provision accounts, etc. would be a huge risk from a security standpoint. Fortunately, you can use the Oracle Web Services Manager (OWSM) to require authentication when invoking the web services. If you use JDeveloper or the Oracle Enterprise Pack for Eclipse, you can define OWSM policies locally in your IDE. You can also do this via WLST. In our case, we’ll show you how to use Enterprise Manager to define these policies after you deploy your application.

To do this, login to Enterprise Manager and navigate Weblogic Domain -> Domain Name -> Server Name (for example, IDMDomain -> AdminServer). Right click on the server and click Web Services. You will see a list of Web Services deployed on your server.


Choose the Endpoint Name you wish to protect. The Web Service Endpoint screen will appear. Choose the OWSM Policies tab, and then click Attach/Detach. On the Attach/Detatch Policies screen, select the “oracle/wss_username_token_service_policy” policy. This will enforce a username and password for authentication on the web service call. You will see the policy appear in the “Attached Policies” section of the screen at the top.


Click OK. You will be returned to the Web Service Endpoint screen and the attached policy will be listed in the OWSM Policies list.

If you click Web Services Test (or use something similar such as SoapUI), you can validate that the policy has been applied. Click to expand the Security tab, then select the OWSM Security Policies radio button, and choose oracle/wss_username_token_client_policy from the list of available client policies. Provide the users for any user in the Weblogic domain security realm (such as the weblogic user), and click Test Web Service. Depending on your implementation, you may have to provide parameters in the Input Arguments tab, but in our case if we pass no input we just get back an error. This validates the security policy enforcement.


One important point here is that if you redeploy the web services application, you must re-apply the policies using the steps above.

That covers it for Part 1, and we hope you will check back next week for Part 2 in this blog series. 

Monday Jun 16, 2014

It’s Time for Businesses to get Serious about BYOD

It’s Time for Businesses to get Serious about BYOD
Klaus Bergius, Director of Technology Marketing EMEA at Oracle

Bring Your Own Device (BYOD) is a corporate reality that is already affecting virtually every business operating today. In some ways BYOD is inevitable, with businesses having little choice but to adapt to it. Consumer smartphones, tablets and laptops may eventually end the corporate mandating of employee devices. But currently, there is widespread concern and even denial in enterprises, while embracing BYOD could create new opportunities. This is what the Oracle European BYOD Index Report, based on research carried out in January and February 2014, reveals.

This Index assesses the opinions of Chief Security Officers, Chief Information Security Officers or other personnel responsible for information security at 700 businesses in the Nordics, Germany and Switherland (DCH), Benelux, the UK, France, Italy and Iberia (Portugal and Spain) – across all major industry verticals. It seeks to understand where in the deployment of key BYOD technologies and processes European businesses are and what their opinions are with regards to the future of BYOD.

Barriers to Adoption
The latest research  from Oracle suggests that few businesses in Europe have fully warmed to BYOD, with 44 per cent of businesses stating that they dislike BYOD and only allow it in exceptional circumstances. A further 22 per cent have a complete ban on data or information residing on a BYOD device and – perhaps most worrying – 20 per cent have no rules in place at all. Half of organizations are not managing smartphones as part of BYOD, and there seem to be big concerns around security. Device security (45 percent), application security (53 percent) and data security (63 percent) were all listed as areas of concern.  Full BYOD Index Report

The Awareness Gap
This issue, however, is not a technological or process one – it is an educational one. For me, the main thing hindering further adoption of BYOD across Europe is a lack of awareness of what exactly it is  and what can be done to secure it. Fortunately the technology already exists to cost-effectively deliver secure BYOD. Containerization, or sand-boxing as it is sometimes referred to, illustrates this point perfectly.  But in our survey the majority (37 percent) of the IT professionals we asked had never even heard of it, let alone deployed it (only 8 percent reported that they have deployed containerization).  Full BYOD Index Report

Device vs. Application Management
Functions such as locking or remote wiping the device content or doing firmware upgrades are the domain of MDM (Mobile Device Management). Managing applications on devices typically is in the MAM (Mobile Application Management) area. But why should we continue to separate them from each other, thus fragmenting the overall solution into small pieces that are addressed by multiple vendors? Why shouldn’t we view MDM and MAM as overlapping areas, and moreover, treat it as ‘just’ an extension of corporate Identity and Access Management, by simply extending this solution to include device and application management features? This is exactly what Oracle Mobile Security Suite does.  Full BYOD Index Report

Outlook
In an attempt to widen this research and find out what the readiness and opinion towards BYOD is in other parts of the world, Oracle is currently preparing a second version which shall cover North America, South America, Eastern Europe, Middle East and Africa as well as Asia Pacific countries. And in addition to the aspects of data security, device security and application security, we will also include cloud security as an additional aspect. It will be extremely interesting to compare results, so stay tuned for an update!


Thursday Jun 12, 2014

BYOD is not a fashion statement; it’s an architectural shift - by Indus Khaitan

Ten years ago, if you asked a CIO, “how mobile is your enterprise?”. The answer would be, “100%, we give Blackberry to all our employees.”

Few things have changed since then:

1.    Smartphone form-factors have matured, especially after the launch of iPhone.
2.    Rapid growth of productivity applications and services that enable creation and consumption of digital content
3.    Pervasive mobile data connectivity

There are two threads emerging from the change. Users are rapidly mingling their personas of an individual as well as an employee. In the first second, posting a picture of a fancy dinner on Facebook, to creating an expense report for the same meal on the mobile device.

Irrespective of the dual persona, a user’s personal and corporate lives intermingle freely on a single hardware and more often than not, it’s an employees personal smartphone being used for everything.
A BYOD program enables IT to “control” an employee owned device, while enabling productivity. More often than not the objective of BYOD programs are financial; instead of the organization, an employee pays for it.  More than a fancy device, BYOD initiatives have become sort of fashion statement, of corporate productivity, of letting employees be in-charge and a show of corporate empathy to not force an archaic form-factor in a world of new device launches every month.

BYOD is no longer a means of effectively moving expense dollars and support costs. It does not matter who owns the device, it has to be protected.  BYOD brings an architectural shift.  BYOD is an architecture, which assumes that every device is vulnerable, not just what your employees have brought but what organizations have purchased for their employees. It's an architecture, which forces us to rethink how to provide productivity without comprising security.

Why assume that every device is vulnerable?

Mobile operating systems are rapidly evolving with leading upgrade announcement every other month. It is impossible for IT to catch-up. More than that, user’s are savvier than earlier.  While IT could install locks at the doors to prevent intruders, it may degrade productivity—which incentivizes user’s to bypass restrictions. A rapidly evolving mobile ecosystem have moving parts which are vulnerable.

Hence, creating a mobile security platform, which uses the fundamental blocks of BYOD architecture such as identity defragmentation, IT control and data isolation, ensures that the sprawl of corporate data is contained.

In the next post, we’ll dig deeper into the BYOD architecture.

Tuesday Jun 10, 2014

Nominations now open for the Oracle FMW Excellence Awards 2014

2014 Oracle Excellence Award Nominations
Who Is the Innovative Leader for Identity Management?



•    Is your organization leveraging one of Oracle’s Identity and Access Management solutions in your production environment?
•    Are you a leading edge organization that has adopted a forward thinking approach to Identity and Access Management processes across the organization?
•    Are you ready to promote and highlight the success of your deployment to your peers?
•    Would you a chance to win FREE registration to Oracle OpenWorld 2014?


Oracle is pleased to announce the call for nominations for the 2014 Oracle Excellence Awards: Oracle Fusion Middleware Innovation.  The Oracle Excellence Awards for Oracle Fusion Middleware Innovation honor organizations using Oracle Fusion Middleware to deliver unique business value.  This year, the awards will recognize customers across nine distinct categories, including Identity and Access Management

Oracle customers, who feel they are pioneers in their implementation of at least one of the Oracle Identity and Access Management offerings in a production environment or active deployment, should submit a nomination.  If submitted by June 20th, 2014, you will have a chance to win a FREE registration to Oracle OpenWorld 2014 (September 28 - October 2) in San Francisco, CA.  Top customers will be showcased at Oracle OpenWorld and featured in Oracle publications.  

The  Identity and Access Management Nomination Form

Additional benefits to nominees
Nominating your organization opens additional opportunities to partner with Oracle such as:
•    Promotion of your Customer Success Stories
Provides a platform for you to share the success of your initiatives and programs to peer groups raising the overall visibility of your team and your organization as a leader in security

•    Social Media promotion (Video, Blog & Podcast)
Reach the masses of Oracle’s customers through sharing of success stories, or customer created blog content that highlights the advanced thought leadership role in security with co-authored articles on Oracle Blog page that reaches close to 100,000 subscribers. There are numerous options to promote activities on Facebook, Twitter and co-branded activities using Video and Audio.

•    Live speaking opportunities to your peers
As a technology leader within your organization, you can represent your organization at Oracle sponsored events (online, in person or webcasts) to help share the success of your organizations efforts building out your team/organization brand and success.

•    Invitation to the IDM Architect Forum
Oracle is able to invite the right customers into the IDM Architect Forum which is an invite only group of customers that meet monthly to hear technology driven presentations from their own peers (not from Oracle) on today’s trends.  If you want to hear privately what some of the most successful companies in every industry are doing about security, this is the forum to be in. All presentations are private and remain within the forum, and only members can see take advantage of the lessons gained from these meetings.  To date, there are 125 members.

There are many more advantages to partnering with Oracle, however, it can start with the simple nomination form for Identity and Access Management category of the 2014 Oracle Excellence Award

Monday May 12, 2014

Modernizing UK Government with Aurionpro Sena

Around the world governments are transforming to deliver online citizen services and gain economies of scale by removing silos across departments. For many people, the images of government include: long lines, lots of paper work, and bureaucracy. While taxes continue to rise, the quality of service has continued to lag. A study by McKinsey showed that 50% of citizens are demanding access to government services on the weekends and many governments are stepping up to address the need. The UK government is setting the example for efficiency with a digital services strategy. In a recent newsletter article, Aurionpro Sena shares how Identity and Access Management initiatives in the UK government are de-fragmenting the infrastructure that connects people and removing roadblocks to collaboration. As a result, the UK government is now an innovation center.

The first phase of the initiative is modernizing 25 services delivered by 14 agencies across 8 government departments. The results so far are amazing. The report estimates that moving services from offline to digital channels will save the UK government £1.7 and £1.8 billion per year.  If you are interested in reading the strategy document, click here.

Our partners at Aurionpro Sena have been busy working closely with the Cabinet office on their deployment and documented the results in a recent newsletter article. Using Oracle's Identity Management, Aurionpro Sena started working with a number of UK government departments in 2013 to design, build, and support a federated identity shared service that could be securely hosted within a Public Service Network (PSN) accredited data center. The resulting service, Aurionpro's Public Sector Internal Identity Federation (PSIIF) Hub will enable easier sharing of information across the public sector, increasing the security of data access and enabling public sector organizations to realize savings across the government's information and communications technology (ICT) program. The PSIIF hub is now available for procurement through the government's Cloudstore. Full article here.

The GDS (Government Digital Services) organization produced the video below as a demonstration of the services being rolled out. These examples are inspirational and will change the way we think about government. One day we may scarcely remember that renewing your driver's license meant taking a day off from work to go to the DMV (Department of Motor Vehicles) to take a number and wait for your name to be called. Calling the state tax office only to be transferred to multiple people who couldn't help you will be a story told in a medieval history class. Click to enjoy the video of the Sprint Alpha Transformation Demo from GDS on Vimeo.

Friday May 09, 2014

Three User Friendly Strategies for BYOD Security

For most CIO's, securing corporate data on mobile devices is top of mind. With enterprises producing more data than ever before in human history, much of that data will be accessible via mobile devices and mobile applications. In fact, studies suggest that 80% of enterprise access will be via mobile devices by 2020 vs. just 5% today. Amit Jasuja's recent article on the Forbes Oracle Voice, discusses three strategies for CIO's that can reduce the risk and simplify the user experience.

Wednesday May 07, 2014

Deploying the Oracle IAM Suite with the Deployment Wizard - by Alex Stanciu (IDMWORKS)

With the release of Identity & Access Management suite R2 PS2 (11.1.2.2.0), Oracle has released a new deployment tool, called the Oracle Identity and Access Management Deployment Wizard, to automate the installation and configuration of products related to the IAM suite.



With the Deployment Wizard, you can fully automate the installation, configuration and integration of WebLogic Server, SOA Suite, Oracle Identity Manager, Oracle Access Management, Oracle Unified Directory, Oracle HTTP Server and Webgates. The tool allows you to select one of three deployment topologies: OIM, OAM or OIM integrated with OAM and OUD. As an Oracle Partner in this space, IDMWORKS has taken our extensive experiences in this field and pulled together a detailed paper on the usage of this Deployment Wizard that will help to give insight to those of you looking for help in understanding how to take advantage of the latest capabilities from Oracle in the deployment of Oracle's Identity and Access Management offerings. For this detailed whitepaper, please follow the link to the IDMWORKS website


Monday May 05, 2014

Is Mobility Creating New Identity and Access Challenges? - by Marcel Rizcallah

Are mobile, social, big data and cloud services generating new Identity and Access Management challenges? Guest blogger Marcel Rizcallah is the EMEA Domain Leader for Security at Oracle Consulting and today will highlight some of the new IAM challenges faced by customers with Cloud services and Mobile applications.

Sales force users ask more often for iPad or mobile devices to access Cloud services, such as CRM applications. A typical requirement is to use an AD or corporate directory account to login seamlessly into the Cloud service, either with a web browser or a downloaded application on a device. The benefits, compared to a different login/password provided by the Cloud provider, is more security and better identity governance for their organization; password policy is enforced, CRM services are granted to sales people only and Cloud accounts are de-provisioned immediately when people leave.

Integrating a mobile device browser with the intranet is easily addressed with federation solutions using the SAML standard. The user provides his login and password only once and tools such as Oracle Mobile Security Suite and Oracle Access Manager provide the end-to-end integration with the corporate directory.

Authenticating through a downloaded application provided by the Cloud service may be more complex; the user authenticates locally and the device application checks first the credentials in the cloud environment. The credentials are relayed to the organization’s intranet using REST services or standards such as SAML to validate the credentials.

Integrating IAM services between SaaS applications in the Cloud and the corporate intranet may lead to a weird situation. Let’s look at this example: one of my customers discovered that their CRM SaaS application, provided by a public Cloud environment, was supposed to be SAML compliant, yet did not correctly generate one of the SAML messages when authenticating through a downloaded application on the device. Despite all parties agreeing that this is a bug, fixing the Cloud application was not an option because of the possible impact on millions of Cloud customers. On the other hand, changing the Oracle Access Manager product, fully compliant to SAML 2.0, was not an option either. The short term solution would be to build a custom credential validation plug-in in Oracle Access Manager or an integration tool, such as Oracle API Gateway to transform the wrong message on the fly! Of course this should not stay a long term solution!

When we ask customers which SSO or Identity Governance services are the priority for integrating Cloud SaaS applications with their intranet, most of them says it’s SSO. Actually SSO is more urgent because users want to access Cloud services seamlessly from the intranet. But that’s the visible part of the iceberg; if Cloud accounts are not aligned to employees referential or sales force users, customers will end up paying more license fees to the Cloud provider than needed. SSO with Oracle Access Manager will improve customer experience, but cloud provisioning / de-provisioning with Oracle Identity Governance will optimize Cloud costs.

Use the following links to learn more about Oracle IDM products and Oracle Consulting Services for IDM.

Wednesday Apr 30, 2014

Identity Enabling Mobile Security - by Suresh Sridharan

Smart Connected Device Growth: The growth of smartphones and tablet devices has been phenomenal over the past 4 years. Global smartphone shipments have grown extensively from approximately 100m units in 2010 to 725m units in 2012, reaching 1b devices in January 2014. Simultaneously, tablet shipments have grown from 5m units in 2010 to approximately 125m units in 2012. Tablet numbers are likely to touch 400m units by 2017.

This explosion in the shipment of smart connected devices has also led to a significant change in users’ behavior and expectations.

In a corporate environment, the phenomenon of Bring Your Own Device (BYOD) is gaining momentum. Gartner predicts that 38% of all organizations will have an “all BYOD” policy by 2016, up from 6% today (2014). If the same device is being used for both personal and work purposes, users will expect the same experience across corporate and personal apps. Further, employees regularly use similar apps for both business and personal purposes examples include: WhatsApp, Skype and Facebook..

Mobile devices present benefits both for organizations and for individuals. Surveys show that a BYOD policy helps employee gain an extra 37 minutes of productive time every week. To increase sales productivity, some of our customers are mobile-enabling sales teams to ensure that they have access to the latest information when they meet with customers.

Security is one of the most significant mobile device challenges both for consumers and for enterprises. Although mobile-commerce is growing rapidly (to $25b in the US alone), 60% all retail transactions that get to the checkout stage are abandoned with security as one of the main causes, according to recent data.

As corporate data on the device co-mingles with user data on a personal device, it becomes challenging for enterprises to impose restrictions on the use of devices. About 40% of adults do not protect their smartphones with a passcode, with married adults that number goes up to 45%.
In order to address security challenges, IT should be able to define and enforce policies that meet security and privacy standards to protect intellectual property, other corporate assets and optionally, personal employee data.

There are three things to consider while implementing security in the new mobile age:

  1. Implement a strong identity management system that allows one to manage users and ensure that they are able to access information based on the principle of least privilege to carry out the necessary tasks.
  2. Implement an access management solution to secure data based on who is accessing it and the risk profile of that specific transaction.
  3. Implement a mobile security solution that will help secure data on the device and ensure corporate security policies are enforced on the device from which assets are being accessed.

In essence, organizations need to ensure that application data is secured based on the user accessing it and the device and location from which it is being secured. Securing the device and the user identity, in isolation, is not sufficient.

Wednesday Apr 23, 2014

Time Still Left to Register: Webcast on Transformation of the Perimeter

As enterprises increase their usage of mobile devices, there is a fundamental question of "Where is the perimeter moving to, and how best to secure?" Corporate data now spans outside into service provider frameworks accessible from mobile device platforms, partners and even customers, and the pressures to minimize the risk are greater than ever. There is no longer the ability to secure at just the firewall. This presentation will discuss some of the challenges that corporations are facing as they externalize this data for the mobile generation of employees, partners and customers, and what steps that can be implemented to help reduce the risk of expanding the corporate perimeter to the mobile device. 

There is still time left to register for this event:

Date: Thursday, April 24, 2014
Time: 10:00 AM PDT

Wednesday Apr 02, 2014

Analyzing How MDM and MAM Stack Up Against Your Mobile Security Requirements - by Matt Flynn

Mobile is the new black. Every major analyst group seems to have a different phrase for it but we all know that workforces are increasingly mobile and BYOD (Bring Your Own Device) is quickly spreading as the new standard. As the mobile access landscape changes and organizations continue to lose more and more control over how and where information is used, there is also a seismic shift taking place in the underlying mobile security models.

Mobile Device Management (MDM) was a great first response by an Information Security industry caught on its heels by the overwhelming speed of mobile device adoption. Emerging at a time when organizations were purchasing and distributing devices to employees, MDM provided a mechanism to manage those devices, ensure that rogue devices weren’t being introduced onto the network, and enforce security policies on those devices. But MDM was as intrusive to end-users as it was effective for enterprises.

In the MDM model, employees relinquished control of their devices to their employer. Big brother knew what was installed, how the devices were used, what data was on the device, and MDM gave organizations full control to wipe device data at-will. As a result, many people chose to carry two devices; one for personal use and the other for work. As device manufacturers dramatically improved products every six months, people quickly began using personal devices as the primary communication mechanism and work devices as-needed to perform certain tasks. It also drove people to insecurely send work data to personal devices for convenience increasing the risk of data loss. For these reasons and with the upswing of BYOD, MDM has been relegated to playing a supporting role in Enterprise Mobile Security.

Mobile Application Management (MAM) has emerged as a better alternative to MDM in the world of BYOD. MAM solutions create a secure mechanism for employees to interact with corporate data and apps without infringing upon personal apps and data. With MAM, organizations can control application and data access, how data is used on mobile devices, and to enable new mobile access scenarios without compromising security. MAM embraces the BYOD movement and encourages employee mobility while also locking down data, reducing exposure, and responding more efficiently to compliance mandates about how data is used. But MAM isn’t the end of the story.

Mobile access isn’t much different than other types of access. It’s just another access point that should be part of an Enterprise Access Management approach. Securing access via mobile devices shouldn’t require an entirely separate technology silo, another set of management interfaces, and yet another point of integration for corporate Access Governance. Also, most MAM solutions fall short on a variety of use-cases. By rationalizing MAM into an enterprise Access Management approach, organizations gain extremely valuable capabilities that are otherwise unavailable in MAM solutions alone.

For example, MAM-type on-device virtual workspace approaches don’t work very well in B2C scenarios where apps are delivered via well-known public app stores. Nor do they make sense from a user experience perspective in those scenarios. Also, for advanced Access Management scenarios such as risk-based transaction authorization, integrating basic app security with back-end adaptive access solutions provides extremely compelling benefits. With apps looking to leverage modern protocols such as REST to access legacy system data, there are benefit from Access Management infrastructure such as API Gateways that provide those services. Providing support for these advanced scenarios in a solution that provides a single point of management, single infrastructure, and unified audit trail is where Mobile security is heading.

Next generation mobile security solutions will see MDM and MAM features integrated into more traditional and enterprise-centric Access Management solutions. This single platform approach simplifies management, reduces cost, and enables an improved user experience. But more importantly, incorporating the capabilities of a robust Access Management platform opens new avenues through which to do business and engage with customers, partners, and the extended community. Oracle has a focus on providing exactly this kind of integrated and consolidated approach to securing the mobile platform through securing the device, applications and the access with the Oracle Mobile Security Suite.

In our next post in this series, we’ll look at the various deployment phases through which cloud technologies are being adopted by increasingly mobile workforces starting with cloud-based file sharing services.

Wednesday Mar 26, 2014

Multi Channel Architecture & Securing The Mobile Channel - by Ricardo Diaz

This brand NEW series from Oracle's Global Sales Support team will be dive into mobile security risks, dissect MDM, MAM and changes in the wind, device management, fraud, secure containers, extending IdM to mobile, application development and much more.

Multi-Channel Architecture (MCA) projects are trans-formative business trends brought on by I.T. modernization initiatives across industries.  As these customer, partner, vendor or employee channel's technology evolve to meet today's new business opportunities, security and privacy risks have never been greater.  Especially, the Mobile Channel.         


Let's look at one of my favorite industry's multi-channel architectures, BANKING, and why securing the mobile channel is a quickly becoming a priority for businesses globally.

A banks channels, ATM, Branches, Online, IVR, POS, PSE and Mobile, all need air tight information protection policy and rock solid security/privacy controls.  The Mobile channel on the surface, looms as the 800 pound gorilla in the room with many bank enterprise security architects because mobile security, to many, is so new.  In reality, with he right technology partner it doesn’t have to be. 

One of interesting and risky trend I noticed  working with Colombia, Mexico and Australia banks and their MCA projects is where the mobile application development group sits in the enterprise org.  These critical development teams were sitting outside of I.T. !  NO governance.  Weak security.  They did this to speed the development process of their apps.  I get it but this is a good example of what probably is more common than you'd think when it comes to the risks of mobile application development.   So is bringing these development teams under the I.T. umbrella going to secure their apps?  Not necessarily but his type of security challenge highlights the need for not just a good mobile security solution but one that isn't bound by organizational or political barriers.  All these MCA Banking projects had this challenge as a key business driver for a robust secure mobile channel.  Take a look INSIDE your organization.   Is security ubiquitous within your mobile business channel? Are short cuts being taken to speed up development and meet business demand?  Can you extend your enterprise security policy to these mobile devices if these apps were not built to your corporate enterprise architecture or security standard?

In the next GSS blog, we will highlight how the MDM/MAM space has evolved and why these technologies are part of the mobile security answer but not the final answer.

Monday Mar 24, 2014

A European Perspective on Identity and Access Management

Guest blogger Marcel Rizcallah is the EMEA Domain Leader for Security at Oracle Consulting.

In the last 10+ years working with identity and access management  (IAM) customers, I have had the pleasure to work on different case studies throughout Europe that include specific industry requirements. In doing so, I have assisted customers with the definition of their IAM strategy and implementation roadmap, helping align security policies with business drivers.

I have learned that the European market is characterized by a high level of consolidation with merger and acquisitions in recent years. For example, most of the Telco organizations have consolidated through acquisitions, and now only a few giants remain such as BT, Orange, Vodafone, Telefonica and Telenor. The consequence is difficulty achieving compliance with regulatory laws and controlling operations costs as it’s challenging to get a single view of their European employees and centralize access rights across the various applications and systems, which unfortunately are still based on local and legacy solutions.

As most organizations used to have local and disconnected IAM solutions, they are now starting to rebuild consolidated and brand new IAM infrastructures based on the last versions of
Oracle IAM products. Thanks to the underpinning Oracle FMW stack, organizations can now provide the flexibility and scalability required by such huge implementations with 100 000’s of users and even millions of them, if we include their customers.

In the Public sector, governments and the European Union organization are working on citizen’s services integration to provide better user experience and harmonize citizen’s rights between countries, such as social security, unemployment and retirement services. For that, governments are adopting identity federation services based on SAML 2.0.  Federation is so strategic for them, that countries such as France were part of the Liberty Alliance foundation and were active in elaborating the federation standard with vendors such as Sun. Today, identity federation is also a key component of online government services, providing better citizen experience with access management single-sign-on and identity mapping when moving across online services such as unemployment or tax declaration.

European institutions such as national banks and borders agencies are providing access to their public agents to shared applications across countries. The complexity of such integration resides in the different approval workflows, which are specific to each country, and need to be processed across more than one organization. They have developed complex and custom workflows in their legacy IAM solutions which are difficult and expensive to maintain. This is where modern IAM platforms, with embedded workflows engines such as Oracle BPEL, can bring a strong added value.

In the finance sector, retail and private banks are looking to control critical application access based on employees’ job position and organization. Most of them have defined role models that need to be integrated with a provisioning solution to update accesses on user join, move or leave. Solutions usually rely on custom role modeling tools and corporate directories with groups associated to each role. Those directories must be designed to be highly available and performant to avoid being a single point of failure.

From those few examples we can see that IAM solutions have to address specific challenges per industry sector. Those challenges will increase with Mobile & Social, Big Data and Cloud computing! I will elaborate on this in a next blog.

Use the following links to learn more about Oracle IDM products and Oracle Consulting Services for IDM.

Wednesday Feb 26, 2014

Announcing Oracle Mobile Security Suite: Secure Deployment of Applications and Access for Mobile

Today, Oracle has announced a new offering, Oracle Mobile Security Suite, which will provide access to sensitive applications and data on personal or corporate owned devices.  This new offering will give enterprises unparalleled capabilities in how they contain, control and enhance the mobile experience.


A great deal of effort has been placed into analyzing how corporations are leveraging the mobile platform today, as well as how they will use this platform in the future. Corporate IT has spoken loud and clear of the challenges they face around lengthy provisioning times for access to applications and services, as well as the need for managing the increased usage of applications.  Recent industry reports show how significant the risks can be.  1 A detailed assessment of one of the most popular application marketplaces shows that 100% of the top 100 paid apps have some form of rogue variant posted within the same marketplace. As credential theft is on the rise, one of the targets this is being achieved is on the mobile device with rogue apps or Malware with embedded keystroke recorders or collection tools that send back other critical data from the device.

One of the great new features of the Oracle Mobile Security Suite (OMSS)  is through the use of containers.  Containers allow OMSS to create a secure workspace within the device, where corporate applications, email, data and more can reside. This workspace utilizes its own secure communications back to the back end cloud or corporate systems, independent of VPN.  This means that corporate information is maintained and managed separate of the personal content on the device giving end users the added flexibility of using personal devices without impacting the corporate workspace.  Remote wipe of data now doesn't impact the entire device, rather, only the contents of the corporate workspace.  New policies and changes in access and applications can be applied whenever a user authenticates into their workspace, without having to rebuild or re-wrap any applications in the process, unlike other offerings.  This is a very unique approach for Oracle.

More details on this new release at  http://www.oracle.com/us/corporate/press/2157116

Rounding out this offering, are capabilities that enable the complete end to end provisioning of access, Single Sign-on within the container, enterprise app store and much more.  

Technical Whitepaper: Extending Enterprise Access and Governance with Oracle Mobile Security

For the latest information on Oracle's Mobile Strategy, please visit the Oracle Mobile Security Suite product page, or check back for upcoming Mobile Security postings on the Oracle IDM blog page this March. 

1 2013 X-Force Internet Threat Report


Friday Dec 13, 2013

Passing the Puck to the CTO - BeachBody's Miracle Moment of Identity

BeachBody CTO, Arnaud Robert, was prepared for competitive business at an early age.  Showing success on the ice as a captain of his hockey team, taught Arnaud that there are many similarities between the game of hockey, in particular, the position of team captain, and that of today's CTO.  As Arnaud points out, today's CTOs must remain very nimble and capable of acting much like that of a team captain.  Regardless if we are talking pucks and tasks, periods and quarters or games and projects, the methodologies in managing has given Arnaud a focus with the BeachBody business that he has used to expand the BeachBody enterprise in the areas of Identity Management and Mobile Enablement.

Take a moment to watch this great video from Arnaud and see if you and your CTO can relate to the hockey challenges, and how you are responding in the areas of Identity.


About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

Search

Archives
« May 2016
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
12
13
14
15
16
17
18
19
20
21
22
23
25
26
27
28
29
30
31
    
       
Today