Friday May 09, 2014
Wednesday May 07, 2014
By Greg Jensen on May 07, 2014
With the release of Identity & Access Management suite R2 PS2 (22.214.171.124.0), Oracle has released a new deployment tool, called the Oracle Identity and Access Management Deployment Wizard, to automate the installation and configuration of products related to the IAM suite.
With the Deployment Wizard, you can fully automate the installation, configuration and integration of WebLogic Server, SOA Suite, Oracle Identity Manager, Oracle Access Management, Oracle Unified Directory, Oracle HTTP Server and Webgates. The tool allows you to select one of three deployment topologies: OIM, OAM, or OIM integrated with OAM and OUD. As an Oracle Partner in this space, IDMWORKS has drawn on its extensive experience in this field to put together a detailed paper on the use of this Deployment Wizard, intended to help those of you looking to understand how to take advantage of Oracle's latest capabilities for deploying its Identity and Access Management offerings. For this detailed whitepaper, please follow the link to the IDMWORKS website.
Monday May 05, 2014
By Greg Jensen on May 05, 2014
Are mobile, social, big data and cloud services generating new Identity and Access Management challenges? Guest blogger Marcel Rizcallah is the EMEA Domain Leader for Security at Oracle Consulting and today will highlight some of the new IAM challenges faced by customers with Cloud services and Mobile applications.
Sales-force users increasingly ask for iPads or other mobile devices to access Cloud services, such as CRM applications. A typical requirement is to use an AD or corporate directory account to log in seamlessly to the Cloud service, either with a web browser or with an application downloaded onto the device. The benefits, compared with a separate login/password provided by the Cloud provider, are more security and better identity governance for the organization: the password policy is enforced, CRM services are granted to sales people only, and Cloud accounts are de-provisioned immediately when people leave.
Integrating a mobile device browser with the intranet is easily addressed with federation solutions using the SAML standard. The user provides his login and password only once, and tools such as Oracle Mobile Security Suite and Oracle Access Manager provide the end-to-end integration with the corporate directory.
Authenticating through a downloaded application provided by the Cloud service may be more complex: the user authenticates locally, and the device application first checks the credentials in the cloud environment. The credentials are then relayed to the organization's intranet using REST services or standards such as SAML for validation.
Integrating IAM services between SaaS applications in the Cloud and the corporate intranet may lead to a strange situation. Let's look at this example: one of my customers discovered that their CRM SaaS application, provided by a public Cloud environment, was supposed to be SAML compliant, yet did not correctly generate one of the SAML messages when authenticating through a downloaded application on the device. Despite all parties agreeing that this is a bug, fixing the Cloud application was not an option because of the possible impact on millions of Cloud customers. On the other hand, changing the Oracle Access Manager product, which is fully compliant with SAML 2.0, was not an option either. The short-term solution would be to build a custom credential validation plug-in in Oracle Access Manager, or to use an integration tool such as Oracle API Gateway to transform the wrong message on the fly! Of course, this should not remain a long-term solution!
When we ask customers which SSO or Identity Governance services are the priority for integrating Cloud SaaS applications with their intranet, most of them say it's SSO. SSO is indeed more urgent, because users want to access Cloud services seamlessly from the intranet. But that's only the visible part of the iceberg: if Cloud accounts are not aligned with the employee or sales-force reference data, customers will end up paying more license fees to the Cloud provider than needed. SSO with Oracle Access Manager will improve the customer experience, but cloud provisioning/de-provisioning with Oracle Identity Governance will optimize Cloud costs. Use the following links to learn more about Oracle IDM products and Oracle Consulting Services for IDM.
Wednesday Apr 30, 2014
By Greg Jensen on Apr 30, 2014
Smart Connected Device Growth: The growth of smartphones and tablet devices has been phenomenal over the past 4 years. Global smartphone shipments have grown from approximately 100m units in 2010 to 725m units in 2012, reaching 1b devices in January 2014. Simultaneously, tablet shipments have grown from 5m units in 2010 to approximately 125m units in 2012. Tablet numbers are likely to reach 400m units by 2017.
This explosion in the shipment of smart connected devices has also led to a significant change in users’ behavior and expectations.
In a corporate environment, the phenomenon of Bring Your Own Device (BYOD) is gaining momentum. Gartner predicts that 38% of all organizations will have an "all BYOD" policy by 2016, up from 6% today (2014). If the same device is being used for both personal and work purposes, users will expect the same experience across corporate and personal apps. Further, employees regularly use the same kinds of apps for both business and personal purposes; examples include WhatsApp, Skype and Facebook.
Mobile devices present benefits both for organizations and for individuals. Surveys show that a BYOD policy helps employees gain an extra 37 minutes of productive time every week. To increase sales productivity, some of our customers are mobile-enabling sales teams to ensure that they have access to the latest information when they meet with customers.
Security is one of the most significant mobile device challenges both for consumers and for enterprises. Although mobile commerce is growing rapidly (to $25b in the US alone), 60% of all retail transactions that get to the checkout stage are abandoned, with security as one of the main causes, according to recent data.
As corporate data on the device co-mingles with user data on a personal device, it becomes challenging for enterprises to impose restrictions on the use of devices. About 40% of adults do not protect their smartphones with a passcode; among married adults, that number rises to 45%.
In order to address security challenges, IT should be able to define and enforce policies that meet security and privacy standards to protect intellectual property, other corporate assets and optionally, personal employee data.
There are three things to consider while implementing security in the new mobile age:
- Implement a strong identity management system that allows one to manage users and ensure that they are able to access information based on the principle of least privilege to carry out the necessary tasks.
- Implement an access management solution to secure data based on who is accessing it and the risk profile of that specific transaction.
- Implement a mobile security solution that will help secure data on the device and ensure corporate security policies are enforced on the device from which assets are being accessed.
In essence, organizations need to ensure that application data is secured based on the user accessing it and the device and location from which it is being accessed. Securing the device and the user identity in isolation is not sufficient.
Wednesday Apr 23, 2014
By Greg Jensen on Apr 23, 2014
As enterprises increase their usage of mobile devices, there is a fundamental question of "Where is the perimeter moving to, and how best to secure it?" Corporate data now spans outside into service provider frameworks accessible from mobile device platforms, partners and even customers, and the pressures to minimize the risk are greater than ever. There is no longer the ability to secure at just the firewall. This presentation will discuss some of the challenges that corporations are facing as they externalize this data for the mobile generation of employees, partners and customers, and what steps can be implemented to help reduce the risk of expanding the corporate perimeter to the mobile device.
There is still time left to register for this event:
Date: Thursday, April 24, 2014
Time: 10:00 AM PDT
Wednesday Apr 02, 2014
By Greg Jensen on Apr 02, 2014
Mobile Device Management (MDM) was a great first response by an Information Security industry caught on its heels by the overwhelming speed of mobile device adoption. Emerging at a time when organizations were purchasing and distributing devices to employees, MDM provided a mechanism to manage those devices, ensure that rogue devices weren’t being introduced onto the network, and enforce security policies on those devices. But MDM was as intrusive to end-users as it was effective for enterprises.
In the MDM model, employees relinquished control of their devices to their employer. Big brother knew what was installed, how the devices were used, what data was on the device, and MDM gave organizations full control to wipe device data at will. As a result, many people chose to carry two devices: one for personal use and the other for work. As device manufacturers dramatically improved products every six months, people quickly began using personal devices as the primary communication mechanism and work devices as needed to perform certain tasks. It also drove people to insecurely send work data to personal devices for convenience, increasing the risk of data loss. For these reasons, and with the upswing of BYOD, MDM has been relegated to playing a supporting role in Enterprise Mobile Security.
Mobile Application Management (MAM) has emerged as a better alternative to MDM in the world of BYOD. MAM solutions create a secure mechanism for employees to interact with corporate data and apps without infringing upon personal apps and data. With MAM, organizations can control application and data access and how data is used on mobile devices, and enable new mobile access scenarios without compromising security. MAM embraces the BYOD movement and encourages employee mobility while also locking down data, reducing exposure, and responding more efficiently to compliance mandates about how data is used. But MAM isn't the end of the story.
Mobile access isn’t much different than other types of access. It’s just another access point that should be part of an Enterprise Access Management approach. Securing access via mobile devices shouldn’t require an entirely separate technology silo, another set of management interfaces, and yet another point of integration for corporate Access Governance. Also, most MAM solutions fall short on a variety of use-cases. By rationalizing MAM into an enterprise Access Management approach, organizations gain extremely valuable capabilities that are otherwise unavailable in MAM solutions alone.
For example, MAM-type on-device virtual workspace approaches don't work very well in B2C scenarios where apps are delivered via well-known public app stores, nor do they make sense from a user experience perspective in those scenarios. Also, for advanced Access Management scenarios such as risk-based transaction authorization, integrating basic app security with back-end adaptive access solutions provides extremely compelling benefits. With apps looking to leverage modern protocols such as REST to access legacy system data, they benefit from Access Management infrastructure such as API Gateways that provide those services. Providing support for these advanced scenarios in a solution that offers a single point of management, a single infrastructure, and a unified audit trail is where Mobile security is heading.
Next generation mobile security solutions will see MDM and MAM features integrated into more traditional and enterprise-centric Access Management solutions. This single platform approach simplifies management, reduces cost, and enables an improved user experience. But more importantly, incorporating the capabilities of a robust Access Management platform opens new avenues through which to do business and engage with customers, partners, and the extended community. Oracle has a focus on providing exactly this kind of integrated and consolidated approach to securing the mobile platform through securing the device, applications and the access with the Oracle Mobile Security Suite.
In our next post in this series, we’ll look at the various deployment phases through which cloud technologies are being adopted by increasingly mobile workforces starting with cloud-based file sharing services.
Wednesday Mar 26, 2014
By Greg Jensen on Mar 26, 2014
Multi-Channel Architecture (MCA) projects are transformative business trends brought on by I.T. modernization initiatives across industries. As the technology behind these customer, partner, vendor or employee channels evolves to meet today's new business opportunities, security and privacy risks have never been greater, especially for the Mobile Channel.
Let's look at one of my favorite industries' multi-channel architectures, BANKING, and why securing the mobile channel is quickly becoming a priority for businesses globally.
A bank's channels (ATM, Branches, Online, IVR, POS, PSE and Mobile) all need an air-tight information protection policy and rock-solid security/privacy controls. On the surface, the Mobile channel looms as the 800-pound gorilla in the room for many bank enterprise security architects, because mobile security is so new to many of them. In reality, with the right technology partner it doesn't have to be.
One interesting and risky trend I noticed working with Colombian, Mexican and Australian banks and their MCA projects is where the mobile application development group sits in the enterprise org. These critical development teams were sitting outside of I.T.! NO governance. Weak security. They did this to speed the development process of their apps. I get it, but this is a good example of what is probably more common than you'd think when it comes to the risks of mobile application development. So is bringing these development teams under the I.T. umbrella going to secure their apps? Not necessarily, but this type of security challenge highlights the need for not just a good mobile security solution but one that isn't bound by organizational or political barriers. All these MCA Banking projects had this challenge as a key business driver for a robust, secure mobile channel. Take a look INSIDE your organization. Is security ubiquitous within your mobile business channel? Are short cuts being taken to speed up development and meet business demand? Can you extend your enterprise security policy to these mobile devices if these apps were not built to your corporate enterprise architecture or security standard?
In the next GSS blog, we will highlight how the MDM/MAM space has evolved and why these technologies are part of the mobile security answer but not the final answer.
Monday Mar 24, 2014
By Greg Jensen on Mar 24, 2014
Guest blogger Marcel Rizcallah is the EMEA Domain Leader for Security at Oracle Consulting.
In the last 10+ years working with identity and access management (IAM) customers, I have had the pleasure to work on different case studies throughout Europe that include specific industry requirements. In doing so, I have assisted customers with the definition of their IAM strategy and implementation roadmap, helping align security policies with business drivers.
I have learned that the European market is characterized by a high level of consolidation, with mergers and acquisitions in recent years. For example, most of the Telco organizations have consolidated through acquisitions, and now only a few giants remain, such as BT, Orange, Vodafone, Telefonica and Telenor. The consequence is difficulty achieving compliance with regulatory laws and controlling operations costs, as it's challenging to get a single view of their European employees and centralize access rights across the various applications and systems, which unfortunately are still based on local and legacy solutions.
As most organizations used to have local and disconnected IAM solutions, they are now starting to rebuild consolidated, brand-new IAM infrastructures based on the latest versions of Oracle IAM products. Thanks to the underpinning Oracle FMW stack, organizations can now provide the flexibility and scalability required by such huge implementations, with hundreds of thousands of users and even millions of them if we include their customers.
In the Public sector, governments and the European Union are working on integrating citizens' services to provide a better user experience and harmonize citizens' rights between countries, such as social security, unemployment and retirement services. For that, governments are adopting identity federation services based on SAML 2.0. Federation is so strategic for them that countries such as France were part of the Liberty Alliance foundation and were active in elaborating the federation standard with vendors such as Sun. Today, identity federation is also a key component of online government services, providing a better citizen experience with access management single sign-on and identity mapping when moving across online services such as unemployment or tax declaration.
European institutions such as national banks and border agencies are providing their public agents with access to shared applications across countries. The complexity of such integration resides in the different approval workflows, which are specific to each country and need to be processed across more than one organization. They have developed complex and custom workflows in their legacy IAM solutions which are difficult and expensive to maintain. This is where modern IAM platforms, with embedded workflow engines such as Oracle BPEL, can bring strong added value.
In the finance sector, retail and private banks are looking to control critical application access based on employees' job position and organization. Most of them have defined role models that need to be integrated with a provisioning solution to update access when users join, move or leave. Solutions usually rely on custom role modeling tools and corporate directories with groups associated to each role. Those directories must be designed to be highly available and performant to avoid being a single point of failure.
From those few examples we can see that IAM solutions have to address specific challenges per industry sector. Those challenges will increase with Mobile & Social, Big Data and Cloud computing! I will elaborate on this in a next blog.
Wednesday Feb 26, 2014
By Greg Jensen on Feb 26, 2014
Today, Oracle has announced a new offering, Oracle Mobile Security Suite, which will provide access to sensitive applications and data on personal or corporate owned devices. This new offering will give enterprises unparalleled capabilities in how they contain, control and enhance the mobile experience.
A great deal of effort has been placed into analyzing how corporations are leveraging the mobile platform today, as well as how they will use this platform in the future. Corporate IT has spoken loud and clear about the challenges they face around lengthy provisioning times for access to applications and services, as well as the need to manage the increased usage of applications. Recent industry reports show how significant the risks can be. 1 A detailed assessment of one of the most popular application marketplaces shows that 100% of the top 100 paid apps have some form of rogue variant posted within the same marketplace. As credential theft is on the rise, one of the places it is being achieved is on the mobile device, with rogue apps or malware carrying embedded keystroke recorders or collection tools that send back other critical data from the device.
One of the great new features of the Oracle Mobile Security Suite (OMSS) is its use of containers. Containers allow OMSS to create a secure workspace within the device, where corporate applications, email, data and more can reside. This workspace utilizes its own secure communications back to the back-end cloud or corporate systems, independent of VPN. This means that corporate information is maintained and managed separately from the personal content on the device, giving end users the added flexibility of using personal devices without impacting the corporate workspace. Remote wipe of data now doesn't impact the entire device, rather only the contents of the corporate workspace. New policies and changes in access and applications can be applied whenever a user authenticates into their workspace, without having to rebuild or re-wrap any applications in the process, unlike other offerings. This is a very unique approach for Oracle.
More details on this new release at http://www.oracle.com/us/corporate/press/2157116
Rounding out this offering are capabilities that enable the complete end-to-end provisioning of access, Single Sign-on within the container, an enterprise app store and much more.
Technical Whitepaper: Extending Enterprise Access and Governance with Oracle Mobile Security
For the latest information on Oracle's Mobile Strategy, please visit the Oracle Mobile Security Suite product page, or check back for upcoming Mobile Security postings on the Oracle IDM blog page this March.
1 2013 X-Force Internet Threat Report
Friday Dec 13, 2013
By Greg Jensen on Dec 13, 2013
Take a moment to watch this great video from Arnaud and see if you and your CTO can relate to the hockey challenges, and how you are responding in the areas of Identity.
Wednesday Dec 11, 2013
By Greg Jensen on Dec 11, 2013
In our first post, we explored BYOD, its imminent challenges and the tool sets one can employ to overcome these hurdles. The second post gave you a peek into Mobile Device Management (MDM) and the set of problems it alleviates.
In this post, I will briefly introduce you to a relatively lesser-known Mobile Security term, 'App Containerization'. Then we will continue to explore the Oracle Access Mobile and Social product offerings. This time, the emphasis will be on 'How' OAMMS facilitates a secure mobile experience, to help you gain insight into what really happens behind the scenes.
Mobile Application Containerization: What does it really mean?
As the name clearly indicates, it is a mobile 'application'-level security mechanism, as opposed to 'device'-level protection, with an emphasis on providing finer-grained application-level controls rather than just device-level controls. Application Containerization allows organizations to protect their data on any mobile device by ensuring that security restrictions apply only when the user interacts with the enterprise/official business applications.
How is it different from Mobile Device Management?
Mobile Device Management (MDM) empowers IT with device-level controls such as executing a remote data wipe, enforcing a device password policy, etc. It is an indispensable tool for corporations. However, from an end-user perspective, MDM brings to the fore concerns such as:
Employee privacy invasion - Why should the organization have ACCESS to my personal photos, emails etc.?
Employee personal data sustainability concerns - What if my company wipes out ALL of my personal data on my device in order to reduce risk for a couple of corporate applications?
All that matters is to keep enterprise data secure, not to intrude on users' privacy.
'Containerization' is a technique which can help organizations combine the best of both worlds. It is categorized under the 'Mobile Application Management' (MAM) domain. This is a new-generation mobile security technology which ensures a tight rein over corporate data on mobile devices without being too intrusive for the end user. Personal and Containerized applications can coexist on the mobile device, but each containerized application's data stays within the confines of its own 'container'. Communication to corporate servers or other 'containerized' applications is completely 'secure'.
App Containerization Fundamentals and Strategies
- Works on the concept of 'Sand-boxing' the application execution.
- Provides a secure run-time container for each managed application and its data.
- Clearly segregates personal and corporate applications and associated data irrespective of the device.
A few of the techniques employed for application containerization are listed below.
Application Wrapping
This strategy involves processing the application with an 'App Wrapping' tool that creates a security wrapper around it. The process does not require any additional 'coding'.
Customized Code Based Integration
Specific Software Development Kits (SDKs) can be leveraged in order to 'code' the functionalities which cannot be delivered via 'Application Wrapping'. Mobile application developers can use APIs in the SDK to weave the capabilities of the mobile security platform into their applications.
This containerization technique installs corporate and personal applications in separate areas that are abstracted as 'personas'.
Applications and data may be kept within the confines of an encrypted space or folder.
A comprehensive App Containerization strategy combined with device level protection can go a long way in providing end-to-end mobile security.
Where does Oracle come into the picture?
Through its recent acquisition of Bitzer Mobile, Oracle's rich portfolio of mobile security offerings has been further strengthened. Oracle can help organizations with comprehensive solutions to manage the security of enterprise data held on employees' mobile devices.
Why Containerize Your Apps?
Containerization improves user experience and productivity, as well as ensuring enterprise safety and compliance, by:
- Enabling secure and seamless data and service sharing between containerized apps. Users can access, edit, sync, and share corporate documents or other workflows that require multiple applications to work in coherence with each other.
- Restricting a user’s ability to access, copy, paste or edit data held within the application container.
- Enforcing security policies that govern access to the containerized data.
- Allowing employees to switch between personal and corporate applications seamlessly, without risk of compromising company information.
Let us pick up the thread from the very first post of this series and take a deep dive into the Oracle Access Manager Mobile and Social product offerings.
Oracle Mobile and Social Feature Set
OAMMS features can be broadly categorized into the following:
The Mobile Services segment of OAMMS connects mobile devices and applications to existing IAM services and components, enabling organizations to reap the full benefit of their existing IAM investments.
Salient features of 'Mobile Services' are as follows:
Under the hood, the basic Authentication process is powered by Oracle Access Manager. A typical use case encapsulates the following set of events:
- The user launches the mobile application on his device, which hands him off to the Mobile SSO Agent.
- Assuming that the device is already registered, the Mobile SSO Agent sends the user name, password, and Client Registration Handle to the Mobile and Social server for validation.
- The Mobile and Social server responds with a User Token, which the calling mobile application then uses to request an Access Token.
- Once the Mobile and Social server issues the Access Token, the business mobile application can use it to call the resources/enterprise applications protected by Oracle Access Manager or Oracle Enterprise Gateway.
Authorization is handled by Oracle Entitlements Server (OES), which is driven by policy-based configuration. OES manages authorization for mobile devices and applications with the help of a 'mobile device context', which is a type of 'Identity Context' attribute.
Identity Context is made up of attributes known to the multiple identity and access management components involved in a transaction, and it is shared across Oracle's identity and access management components.
Single Sign On
With SSO in place, users can run multiple mobile applications on the same device without having to provide credentials for each application. Mobile SSO can be leveraged by both native and browser-based applications. For mobile-based SSO to work, one application installed on the mobile device needs to be designated as the mobile SSO agent.
- The Mobile SSO agent application acts as a mediator between the Mobile and Social server and the other applications on the device that need to authenticate with the back-end identity services.
- It orchestrates and manages device registration and risk-based authentication.
- It ensures that the user credentials are never exposed to the mobile business application.
- It can time out idle sessions, manage global logout for all applications, and help with selective device wipes.
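The token flow above and the SSO agent's role are easier to see end to end in code. The following is an added example, not code from the post or from the product: every class is a constructed stand-in for the component named in its docstring (Mobile SSO Agent, Mobile and Social server, an OAM-protected resource), and the token lifetimes are assumed values. The point it demonstrates is that the business app never sees the password, each access token is scoped to one app, and a global logout invalidates every access token derived from the user token.

```python
import secrets
import time

# Constructed stand-ins for the components the post describes; not the real product's API.
USER_TOKEN_TTL = 600      # seconds a user token stays valid (assumed value)
ACCESS_TOKEN_TTL = 300    # seconds an access token stays valid (assumed value)


class AuthError(Exception):
    pass


class MobileAndSocialServer:
    """Stand-in server: holds registered devices (Client Registration Handles), credentials and tokens."""

    def __init__(self, users, clock=time.time):
        self._users = dict(users)      # constructed sample credentials: username -> password
        self._clock = clock            # injectable clock so expiry can be exercised offline
        self._devices = {}             # client registration handle -> device id
        self._user_tokens = {}         # user token -> (username, device id, expiry)
        self._access_tokens = {}       # access token -> (username, app id, expiry, user token)

    def register_device(self, device_id):
        handle = secrets.token_urlsafe(16)
        self._devices[handle] = device_id
        return handle

    def authenticate(self, username, password, client_reg_handle):
        # Step 2 of the flow: only a registered device may present credentials.
        if client_reg_handle not in self._devices:
            raise AuthError("unregistered device")
        expected = self._users.get(username, "")
        if not secrets.compare_digest(expected.encode(), password.encode()):
            raise AuthError("invalid credentials")
        token = secrets.token_urlsafe(24)
        self._user_tokens[token] = (username, self._devices[client_reg_handle], self._clock() + USER_TOKEN_TTL)
        return token

    def issue_access_token(self, user_token, app_id):
        # Steps 3 and 4: a valid user token is exchanged for an access token scoped to one app.
        entry = self._user_tokens.get(user_token)
        if entry is None or entry[2] <= self._clock():
            raise AuthError("user token invalid or expired")
        token = secrets.token_urlsafe(24)
        self._access_tokens[token] = (entry[0], app_id, self._clock() + ACCESS_TOKEN_TTL, user_token)
        return token

    def validate_access_token(self, access_token, app_id):
        # What the protected resource (or gateway) asks before serving a request.
        entry = self._access_tokens.get(access_token)
        if entry is None or entry[1] != app_id or entry[2] <= self._clock():
            return None
        return entry[0]

    def logout(self, user_token):
        # Global logout: the user token and every access token derived from it die together.
        if self._user_tokens.pop(user_token, None) is not None:
            self._access_tokens = {t: e for t, e in self._access_tokens.items() if e[3] != user_token}


class MobileSSOAgent:
    """Stand-in agent: the one app on the device that sees the password; others only get access tokens."""

    def __init__(self, server, device_id):
        self._server = server
        self._handle = server.register_device(device_id)   # device registration, done once
        self._user_token = None

    def login(self, username, password):
        self._user_token = self._server.authenticate(username, password, self._handle)

    def access_token_for(self, app_id):
        if self._user_token is None:
            raise AuthError("no SSO session on this device")
        return self._server.issue_access_token(self._user_token, app_id)

    def logout(self):
        if self._user_token is not None:
            self._server.logout(self._user_token)
            self._user_token = None


def call_protected_resource(server, access_token, app_id):
    """Stand-in for a resource behind Access Manager: serve only for a valid token scoped to this app."""
    user = server.validate_access_token(access_token, app_id)
    return {"status": 200, "body": f"report for {user}"} if user else {"status": 401, "body": "unauthorized"}


def demo(clock=time.time):
    """Log in once, let two apps share the session, then show that logout kills both."""
    server = MobileAndSocialServer({"alice": "correct-horse"}, clock)   # constructed sample user
    agent = MobileSSOAgent(server, "device-1")
    agent.login("alice", "correct-horse")
    crm_token = agent.access_token_for("crm-app")
    mail_token = agent.access_token_for("mail-app")
    results = {
        "crm": call_protected_resource(server, crm_token, "crm-app")["status"],
        "mail": call_protected_resource(server, mail_token, "mail-app")["status"],
        "crm_token_at_mail": call_protected_resource(server, crm_token, "mail-app")["status"],
    }
    agent.logout()
    results["crm_after_logout"] = call_protected_resource(server, crm_token, "crm-app")["status"]
    return results
```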
Oracle Adaptive Access Manager (OAAM) policies are executed by the OAAM Mobile Security Handler Plug-in.
- The OAAM Security Handler Plug-in creates two security handles:
- oaam.device handle, which represents the mobile device
- oaam.session handle, which represents an OAAM login session for a client application
- These handles drive the 'device registration' process.
- OAAM policies can be configured to force the device registration process to require Knowledge Based Authentication (KBA) or a One Time Password (OTP).
Oracle Mobile and Social leverages adaptive security measures such as OTP by delegating to specialized components such as Oracle Adaptive Access Manager (OAAM).
Lost or Stolen Device Management
The Mobile and Social service works hand in hand with OAAM and counters these risks by providing a way to tag a device as lost or stolen and then implement policies that are designed to be invoked when a compromised device tries to gain access to sensitive resources via the mobile applications.
- If the device has been reported lost or stolen, OAAM can be configured to challenge a user before providing access to the mobile applications and its associated data.
- OAAM policies can also be designed to wipe out the device data if the device attempts to communicate with the Mobile and Social server after being reported lost or stolen.
- OAAM policies can be configured to protect against 'jailbroken' devices and wipe their data; the Mobile and Social service needs to be configured with jailbreak detection on.
Internet Identity Services allow Oracle Mobile and Social to act as a relying party and leverage authentication and authorization services from cloud providers. Mobile applications can consume Social Identities securely, and customers can federate easily with social networking sites.
These services benefit the end users as well as the developers:
User centric - The users are presented with convenient multiple log-in options and can use their existing credentials from cloud-based identity services to log in to mobile applications.
Rich OOTB support - Currently, OAMMS supports major Social Identity Providers such as Facebook, Google, LinkedIn, Twitter, Yahoo, Foursquare and Windows Live
Extensible - Developers can add relying party support for additional OpenID and OAuth Identity Providers by implementing a Java interface and using the Mobile and Social console to add the Java class to the Mobile and Social deployment.
Oracle Mobile and Social services can be easily extended to support other service providers, thanks to its flexible architecture based on 'Open' standards such as OAuth and OpenID
- The user accesses a protected application, and the request is intercepted by the WebGate.
- After OAM evaluates the authentication policies that apply to the resource, the Mobile and Social server presents a login page to the user.
- The login page offers a menu of Social Identity Providers (e.g. Facebook), and the user is redirected to the login page of the selected provider.
- The user enters a user name and password on the Social Identity Provider's login page; the provider validates them and redirects control back to the Mobile and Social server.
- The Mobile and Social server processes the identity assertion supplied by the provider and, after retrieving the user's identity information, redirects the user's browser to Access Manager. This time, HTTP headers in the request carry the user's authentication status and attributes to Access Manager. Because any client can set HTTP headers, the WebGate must accept these assertion headers only on requests that originate from the trusted Mobile and Social server; otherwise a client could forge an authenticated identity.
- Access Manager creates a user session and redirects the user to the protected resource.
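The redirect chain above, modelled as an added example (not code from Oracle Mobile and Social or from this post). It uses a stub identity provider, assumed URLs and header names, and a shared secret that lets the Access Manager side verify the assertion headers; the real product exchanges redirects with Facebook, Google and the rest over OAuth or OpenID, and how it protects the handoff headers is not described on this page. The two checks worth noticing are the one-shot `state` value bound to the browser session and the signed assertion headers.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Assumed callback URL on the relying party (Mobile and Social) side.
M_AND_S_CALLBACK = "https://ms.example.com/oic_rp/return"


class StubIdentityProvider:
    """Minimal OAuth-style provider: validates a login and issues a single-use code."""

    def __init__(self):
        self._users = {"jane@example.com": "correct horse battery staple"}  # constructed account
        self._codes: Dict[str, str] = {}

    def authorize_url(self, redirect_uri: str, state: str) -> str:
        return f"https://idp.example.com/login?redirect_uri={redirect_uri}&state={state}"

    def login(self, username: str, password: str, state: str) -> Optional[Tuple[str, str]]:
        """The user's POST on the provider's login page; returns (code, state) sent back to the RP."""
        if self._users.get(username) != password:
            return None
        code = secrets.token_urlsafe(16)
        self._codes[code] = username
        return code, state

    def redeem(self, code: str) -> Optional[dict]:
        user = self._codes.pop(code, None)  # codes are single use
        return None if user is None else {"sub": user, "idp": "stub"}


class RelyingParty:
    """Mobile and Social side: starts the login, validates the return, hands the identity on."""

    def __init__(self, idp: StubIdentityProvider, header_secret: bytes):
        self.idp = idp
        self.header_secret = header_secret  # assumed: shared with the Access Manager side

    def begin_login(self, session: dict) -> str:
        state = secrets.token_urlsafe(24)
        session["oauth_state"] = state  # bound to the browser session, checked on return
        return self.idp.authorize_url(M_AND_S_CALLBACK, state)

    def handle_return(self, session: dict, state: str, code: str) -> Dict[str, str]:
        expected = session.pop("oauth_state", None)  # one shot: a replayed return fails
        if expected is None or not hmac.compare_digest(expected, state):
            raise PermissionError("state mismatch: possible CSRF or replayed callback")
        identity = self.idp.redeem(code)
        if identity is None:
            raise PermissionError("code rejected by identity provider")
        return self._headers_for_access_manager(identity)

    def _headers_for_access_manager(self, identity: dict) -> Dict[str, str]:
        # The page says status and attributes travel to Access Manager in HTTP headers.
        # Signing them (an assumption of this example) lets the receiver tell them apart
        # from headers a client could have set itself.
        payload = f"{identity['sub']}|{identity['idp']}|authenticated"
        sig = hmac.new(self.header_secret, payload.encode(), hashlib.sha256).hexdigest()
        return {"X-Assert-User": identity["sub"], "X-Assert-IdP": identity["idp"],
                "X-Assert-Status": "authenticated", "X-Assert-Sig": sig}


def access_manager_accepts(headers: Dict[str, str], header_secret: bytes) -> bool:
    """Access Manager side: recompute the signature before trusting the asserted identity."""
    payload = f"{headers['X-Assert-User']}|{headers['X-Assert-IdP']}|{headers['X-Assert-Status']}"
    sig = hmac.new(header_secret, payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, headers.get("X-Assert-Sig", ""))


def run_flow(username: str, password: str, tamper_state: bool = False) -> Optional[Dict[str, str]]:
    """Drive the whole chain; return the headers Access Manager accepted, or None on any failure."""
    secret = b"constructed-header-secret"
    idp = StubIdentityProvider()
    rp = RelyingParty(idp, secret)
    session: dict = {}                      # the user's browser session at the relying party
    rp.begin_login(session)                 # login page, redirect to the provider
    result = idp.login(username, password, session["oauth_state"])
    if result is None:
        return None
    code, state = result
    if tamper_state:                        # simulate a callback not tied to this session
        state = "forged-" + state
    try:
        headers = rp.handle_return(session, state, code)
    except PermissionError:
        return None
    return headers if access_manager_accepts(headers, secret) else None
```

`run_flow("jane@example.com", "correct horse battery staple")` returns the signed headers; a wrong password, a tampered `state`, or headers whose signature does not verify all end in `None`.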
User Profile Services
User Profile Services allow mobile applications to perform a variety of tasks against an LDAP-compliant directory server.
- Directory administration tools can be built in which an authorized administrator invokes CRUD operations on users and groups, manages passwords, and maintains relationships such as a user's manager.
- Corporate or community white pages are another common application of User Profile Services.
- These services are protected by either an OAM token or a JSON Web Token (JWT), and they can additionally require device and application registration.
- OOTB support for integration with popular LDAP-compliant directory servers such as Oracle Directory Server, Oracle Internet Directory, Oracle Virtual Directory and Active Directory.
SDKs and REST APIs
SDKs help developers embed identity security features into mobile applications and promote usage of existing identity infrastructure services.
- They promote ease of development of mobile applications by serving as a security layer and driving features like authentication, authorization, user profile services and secure storage.
- The SDKs also serve as an 'abstraction layer' which allows system administrators to add, modify, and remove identity and access management services without having to update mobile applications installed by the user.
- OAMMS provides dedicated APIs for each of its feature categories, namely, Mobile, Internet Identity and User Profile services
Oracle Mobile and Social Services provides separate client software development kits (SDKs) for Apple’s iOS and Google’s Android.
The SDK functionality is divided into five distinct modules:
- Authentication Module - Processes authentication requests on behalf of users, devices, and applications.
- User Role Module - Provides User Profile Services that allow users and applications to get User and Group details from a configured Identity store.
- REST Handler Module - Provides access to REST web services and automatic injection of tokens for Access Manager protected REST web services.
- Cryptography Module - Provides simplified APIs to perform cryptography tasks like hashing, encryption, and decryption.
- Secure Storage Module - Provides APIs to store and retrieve sensitive data using the preferences storage of Android.
Generic REST API
Oracle Mobile and Social Services exposes its functionality through a consistent REST interface, so any device capable of HTTP communication can send REST calls to the Mobile and Social server. This is the path to use when the SDKs cannot be used directly to talk to the Mobile and Social backend components.
Oracle API Gateway (OAG) acts as a filtering layer for inbound REST calls into the Mobile and Social server. It integrates with OAM and OES to provide authentication and access control.
In the Mobile and Social solution context, OAG provides services such as
- Validating JSON Web Tokens (JWT) embedded within REST calls
- Mapping of XML to JSON for consumption by mobile devices
- Validation of HTTP parameters, REST query and POST parameters, XML and JSON schemas
- Protection against Denial of Service (DoS), SQL injection, and cross-site scripting attacks.
- Auditing and logging web API usage tracking for each mobile client.
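The JWT check that both the User Profile Services and the gateway rely on, as an added example; it is not Oracle API Gateway or Mobile and Social code. It assumes an HMAC-SHA256 (HS256) token with a secret shared between issuer and gateway, and assumed issuer and audience names; an RS256 deployment would verify against the issuer's public key instead. The order matters: signature first with the algorithm pinned, then issuer, audience and time claims, so a token that says `"alg":"none"` or that was minted for another API is rejected before any claim is trusted.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo secret; assumed issuer and audience names.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"
EXPECTED_ISSUER = "https://idm.example.com/oamms"
EXPECTED_AUDIENCE = "mobile-rest-api"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Mint an HS256 JWT; used here only to build tokens for the check below."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_jwt(token: str, secret: bytes = SHARED_SECRET, now: Optional[int] = None) -> dict:
    """Verify the signature first, then issuer, audience and time claims; raise ValueError on failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token never gets to choose (rejects "none" and key-confusion tricks).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("wrong audience")
    if "exp" not in claims or now >= int(claims["exp"]):
        raise ValueError("expired")
    if "nbf" in claims and now < int(claims["nbf"]):
        raise ValueError("not yet valid")
    return claims


def gateway_check(authorization_header: str, now: Optional[int] = None) -> Tuple[bool, str]:
    """Gateway-side filter: pull the bearer token out of the header; return (allowed, subject_or_reason)."""
    if not authorization_header.startswith("Bearer "):
        return False, "no bearer token"
    try:
        claims = validate_jwt(authorization_header[len("Bearer "):], now=now)
    except ValueError as exc:
        return False, str(exc)
    return True, claims["sub"]
```

`gateway_check("Bearer " + issue_jwt({...}), now=...)` returns `(True, subject)` for a valid token, and `(False, reason)` for a tampered payload, an expired token, the wrong audience, or an `alg: none` header.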
OAG and OES leverage their individual capabilities to provide context-aware authorization of mobile business transactions, authorization for REST APIs, and selective data redaction in the response payload.
Sequence of steps in the OES-driven authorization and redaction process:
- A mobile application request is intercepted by OAG, which delegates authentication to OAM.
- OAG uses an integration adapter, the OES Java Security Service Module (SSM), to ask OES to authorize the request.
- After successful authentication and authorization, the user is granted access to the requested resource (the business application).
- Further authorization is driven by OES according to the configured policies, and may result in the redaction of confidential fields from the response.
- OES thus returns the redacted response to OAG, which propagates it back to the requester.
OAG and OES working in tandem
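The authorize-then-redact step, as an added example written for this page rather than taken from OES or OAG. The policy format, the role names and the backend payload are constructed; in OES the policies live in the policy store and the SSM makes the call, but the shape of the decision (permit or deny, plus an obligation that tells the gateway which fields to strip) is what the steps above describe.

```python
import copy
from typing import Dict, List, Tuple

# Constructed policy set. Each rule names a resource pattern, the role it applies to,
# the decision, and an obligation: dotted paths to remove from the response payload.
# Rules are evaluated in order and the first applicable one wins, so put deny rules
# and the most restrictive permits first when a subject can hold several roles.
POLICIES: List[Dict] = [
    {"resource": "/api/accounts/*", "role": "contractor",
     "decision": "deny", "redact": []},
    {"resource": "/api/accounts/*", "role": "teller",
     "decision": "permit", "redact": ["ssn", "owner.dob"]},
    {"resource": "/api/accounts/*", "role": "branch_manager",
     "decision": "permit", "redact": []},
]

# Constructed backend response that the gateway would receive from the business application.
SAMPLE_RESPONSE: Dict = {
    "account": "1234-5678", "balance": 1500.25, "ssn": "123-45-6789",
    "owner": {"name": "J. Doe", "dob": "1980-01-01"},
}


def _matches(pattern: str, path: str) -> bool:
    if pattern.endswith("/*"):
        return path.startswith(pattern[:-1])
    return pattern == path


def authorize(subject: Dict, resource: str) -> Dict:
    """Return the first applicable rule; deny by default when nothing matches."""
    roles = subject.get("roles", [])
    for rule in POLICIES:
        if rule["role"] in roles and _matches(rule["resource"], resource):
            return rule
    return {"decision": "deny", "redact": []}


def _redact_path(obj: Dict, dotted: str) -> None:
    keys = dotted.split(".")
    node = obj
    for key in keys[:-1]:
        node = node.get(key)
        if not isinstance(node, dict):
            return
    node.pop(keys[-1], None)


def apply_obligations(response: Dict, rule: Dict) -> Dict:
    """Strip the fields the obligation names; the original payload is left untouched."""
    redacted = copy.deepcopy(response)
    for path in rule["redact"]:
        _redact_path(redacted, path)
    return redacted


def gateway_handle(subject: Dict, resource: str, backend_response: Dict) -> Tuple[int, Dict]:
    """Gateway flow: authorize, then either deny or forward the possibly redacted payload."""
    rule = authorize(subject, resource)
    if rule["decision"] != "permit":
        return 403, {"error": "forbidden"}
    return 200, apply_obligations(backend_response, rule)
```

A teller gets the account with `ssn` and `owner.dob` removed, a branch manager gets it unchanged, a contractor gets 403, and a resource with no matching rule is denied by default.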
I hope you have gained a fair idea of the challenges that enterprise mobility requirements pose and of the options the Oracle FMW product suite offers modern organizations to overcome these hurdles and successfully mobilize their workforce. Customers who already use products such as Oracle Access Manager and Adaptive Access Manager can leverage Oracle Mobile and Social to extend the same security capabilities to mobile applications. Our final post will introduce the nuances of Mobile Device Management (MDM) for running a secure BYOD programme in the cloud.
About the Author
Abhishek Gupta is a Senior IAM Engineer at Simeio Solutions. He has over 5 years of experience in the IAM space and has been involved in design, development and implementation of IAM solutions for Simeio's customers with a prime focus on Oracle IAM Suite.
Tuesday Dec 03, 2013
By Greg Jensen on Dec 03, 2013
One of the major challenges facing every enterprise in the Bring Your Own Device (BYOD) age is how to maintain control of the devices used to access proprietary data. In this post, the second in our four-part series on BYOD and the changing mobile landscape, we’ll take a look at this issue in more detail.
It’s difficult to overstate the challenge. As organizations enable broader access to more and more information – including highly valuable and sensitive intelligence and intellectual property – they need to ensure that the devices used to access that information are secure, that the devices can be remotely managed and de-authorized, and that information on those devices can be destroyed or disposed of securely. But at the same time, the rise of BYOD means giving up a large measure of control over those devices because they are no longer owned by the organization but rather by individuals who maintain full control and authority over them.
In just a few short years, we’ve moved from uniform, company-owned desktops tethered to the office to diverse, individually-owned mobile devices that can literally be taken – and lost – anywhere in the world. This mobile revolution has enabled an entirely new kind of workforce and unprecedented productivity and business opportunities, but it has also created a concomitant surge in risk. Addressing this risk has become an organizational imperative, which is why Mobile Device Management (MDM) has become a high priority at most enterprises.
A Plethora of Platforms
When you consider all the moving pieces that are involved in mobile computing – multiple hardware device types and manufacturers, operating systems, applications, telecommunications carriers, and supporting back-end infrastructures – the challenge of securing your mobile devices can seem all the more daunting.
Most enterprises would consider securing the platform vendors, hardware providers and telecommunication carriers to be “out-of-scope” due to the sheer volume of platform vendors and the telecommunication carriers that provide the backbone service to users across continents. It is far more practical to control and enforce restrictions on the individual devices.
In the early days of mobile computing, organizations could select a single platform to support (e.g. Blackberry), which made the job far more manageable. The adoption of BYOD, however, means you’ll need to support a wide variety of platforms, including Google Android, Apple iOS, Microsoft Windows and Blackberry, the four primary players at the moment.
There is no right or wrong platform when it comes to addressing security and MDM. Each platform comes with its own set of features, benefits and associated risks:
- Blackberry : The Blackberry has enjoyed tremendous popularity among IT organizations. The Blackberry software provides enterprises with servers and software that offer unparalleled remote management capabilities, but it comes at a cost. Blackberry has also recently lost significant market share to competitors, and many are questioning its survival.
- Apple iOS: Many consider the iPhone and iPad to be the most innovative products when it comes to revolutionizing the mobile industry. Unfortunately, many also consider iOS to be one of the weakest platforms when it comes device management. While the ability to deploy and distribute apps is a breeze, managing these devices remotely could prove to be a quite a challenge. Apple has responded to this criticism with a new OS version and hardware with improved security and integrated MDM features.
- Google Android: Android is by far the most popular platform as measured by market share. However, it is also known for its notorious variety of devices and flavors of operating environments. Even with the diverse array of OS options available, some Android devices come with enterprise grade software services that enable remote management (although some do not).
- Microsoft Windows: Microsoft is a well known player in the mobility space, but the reliance on third party toolsets, systems and servers to manage devices by leveraging the vendor published device management protocol make it a complex deployment.
Despite the pros and cons, organizations today must be ready to support any and all of these platforms without compromising the organization’s security. Securing the devices, the application and the data that these devices hold goes way beyond simple authentication platforms that are currently in place. There is also the need for compliance enforcement to ensure that each of these devices are secured and do not in any way become a pathway for exploits and intrusions into larger systems that form part of an enterprise’s proprietary infrastructure.
Past, Present and Future
As device adoption changes over time, it is crucial to be prepared to address those changes as they occur. A platform that dominates today may shrink as time rolls by. Your organization might currently have predominantly iOS and Android devices, but could shift to a predominantly Windows-based estate, or vice versa. It is important to acknowledge these patterns and plan for an ever-evolving device adoption strategy.
The current market adoption of the various platforms has Android at 61%, iOS at 20.5%, Windows at 5.2%, Blackberry at 6% and Other devices at 7.3%.
However, there is a huge difference between overall market share and enterprise use, where Blackberry – despite its fall from grace with consumers – continues to be a dominant player. BlackBerry still has a market share of about 38% among businesses with more than 10,000 employees, as well as more than a 33% share in government and financial institutions. But this appears to be changing rapidly.
This is exactly the kind of situation where a good MDM strategy would enable organizations to traverse any change in market dominance that may occur over time. Adoption and market share also tend to vary by geographic region. For example, Android adoption could be very high in Asia Pacific while relatively low in North America. Therefore it is necessary to also look at an organization’s geographic employee dispersion ratio while building a strong MDM strategy.
By 2015, it’s projected there will be 7.5 billion mobile devices globally. By 2016, it is estimated that global mobile device usage will grow by 20% in the Android space, 10% in the iOS space, 30% in Windows phones, and 3% more Blackberry users. According to a recent Forrester Research Report, mobility and BYOD programs in use by North American based information workers are expected to triple by 2014. Also, the use of tablets at work is rising at an exponential rate. Today there are 50% more tablets being used in the enterprise than just a year ago.
The bottom line is that the future could hold anything. It could be an exponential increase of one of the aforesaid platforms or an emergence of a new platform altogether. You must be ready in any case.
An Effective MDM Strategy
Building an effective MDM strategy is of great value to any enterprise. We believe there are three key criteria when choosing or developing an MDM solution:
1) Develop a single, unified solution with the flexibility to address virtually any device or platform.
Given the rapidly shifting market shares and already large and rapidly growing number of mobile devices, it would be a Sisyphean task to maintain one device management tool per device. A better strategy is one that has a broader focus on converging technologies that power a variety of devices.
Having a unified MDM service allows for global policy enforcements. It also allows for rapidly provisioning and de-provisioning devices onto the network with split liability – where individuals agree to cede some control over their personal device, often in exchange for a stipend or sharing of expenses with the enterprise.
Such a unified MDM service gives employees more control over which devices they are allowed to bring in. It also gives employers more control over what these devices can do when on the corporate network.
2) Cover the complete lifecycle – especially in between the two endpoints.
- Control what runs on the device when connected to the corporate network
- Determine whether security protocols have been adhered to
- Push over-the-air (OTA) updates of applications, configurations or device firmware
- Support audit requirements
- Track the location of the devices themselves
3) Look to the cloud
Organizations embracing “cloud computing” have been steadily increasing, which comes as no surprise with the increased growth in the mobility space. Cloud based Mobile Device Management solutions have emerged as well, which organizations can leverage in tandem with their internal cloud transformation processes.
Prioritizing investment in effective strategies not only allows a new MDM platform to be on-boarded at a much more rapid pace, but also helps ensure the security and integrity of the systems the organization exposes to the cloud, in addition to the devices that are now on-boarded onto the organization's network.
MDM Best Practices
At Simeio Solutions [http://www.simeiosolutions.com/], we’ve established a set of best practices to help our clients implement a successful enterprise MDM strategy. These include:
- Enable multi-platform, vendor-agnostic device on-boarding. Even so, enterprises should allow only mobile devices that have the best possible control and security built in.
- A strong security policy. Enterprises must employ a sound encryption methodology, which is key to building a strong security policy. Device encryption protects local storage, but enterprises must ensure that the policy covers all risk areas, including internal and external systems as well.
- Maintain a device registry. Take a periodic inventory of all the devices connected to the corporate network.
- Remote over-the-air actions. Identify unusual situations such as jailbreaks, lost or stolen devices, repeated failed login attempts, or failure to connect to the network for lengthy periods (e.g. more than a month), and enable remote wiping, automatic locking and account locks for those devices.
- Maintain an application whitelist. Whitelisting allows only authorized software to be installed on mobile devices and keeps malicious software out of the corporate network.
- SSL and VPN connectivity. Enterprises should require VPN access when sensitive data crosses shared networks, since the VPN encrypts the data in transit.
- Regular security updates and patches. Enterprises need to ensure that mobile devices connected to the corporate network receive security updates, upgrades and patches for their mobile operating systems (iOS, Android, Blackberry OS, etc.) on a regular basis.
- Deploy intrusion detection and prevention systems (IDS/IPS). IPS helps respond proactively to security threats that smartphones and tablets introduce onto the corporate network. Enterprises can extend their existing IPS deployments to monitor mobile devices and reduce the risk of remote attacks.
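A compliance sweep over a device registry that turns the "unusual situations" in the practices above into actions, added here as an example; it is not code from any MDM product named on this page. The registry records, their field names, the 30-day staleness threshold, the failed-login limit and the OS baseline versions are all constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed inventory records, in the shape an MDM export might take (field names assumed).
REGISTRY: List[Dict] = [
    {"device_id": "d-001", "user": "alice", "os": "ios", "os_version": "7.0.4",
     "last_seen": "2013-12-02T09:15:00Z", "failed_logins": 0, "jailbroken": False, "reported_lost": False},
    {"device_id": "d-002", "user": "bob", "os": "android", "os_version": "4.1.2",
     "last_seen": "2013-10-20T17:40:00Z", "failed_logins": 2, "jailbroken": False, "reported_lost": False},
    {"device_id": "d-003", "user": "carol", "os": "android", "os_version": "4.4",
     "last_seen": "2013-12-03T08:00:00Z", "failed_logins": 7, "jailbroken": False, "reported_lost": False},
    {"device_id": "d-004", "user": "dave", "os": "ios", "os_version": "7.0.4",
     "last_seen": "2013-12-01T12:00:00Z", "failed_logins": 0, "jailbroken": True, "reported_lost": False},
    {"device_id": "d-005", "user": "erin", "os": "ios", "os_version": "6.1.3",
     "last_seen": "2013-12-02T22:10:00Z", "failed_logins": 1, "jailbroken": False, "reported_lost": True},
]

MIN_OS_VERSION = {"ios": (7, 0, 4), "android": (4, 2)}  # assumed patch baseline per platform
MAX_FAILED_LOGINS = 5                                    # assumed lockout threshold
STALE_AFTER = timedelta(days=30)                         # "more than a month" without contact


def _parse_utc(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _version_tuple(version: str):
    return tuple(int(part) for part in version.split("."))


def evaluate_device(dev: Dict, now: datetime) -> List[str]:
    """Return the ordered actions to apply to one device; an empty list means compliant."""
    # Lost/stolen and jailbroken devices are handled first and exclusively: once the
    # corporate data is wiped there is nothing left to patch or lock.
    if dev["reported_lost"]:
        return ["remote_lock", "remote_wipe"]
    if dev["jailbroken"]:
        return ["block_access", "remote_wipe"]
    actions: List[str] = []
    if dev["failed_logins"] >= MAX_FAILED_LOGINS:
        actions.append("lock_account")
    if now - _parse_utc(dev["last_seen"]) > STALE_AFTER:
        actions.append("block_access")      # silent for over a month: treat as possibly lost
    baseline = MIN_OS_VERSION.get(dev["os"])
    if baseline and _version_tuple(dev["os_version"]) < baseline:
        actions.append("push_os_update")    # behind the patch baseline: schedule an OTA update
    return actions


def sweep(registry: List[Dict], now_iso: str) -> Dict[str, List[str]]:
    """Run the policy over the whole registry; return device_id -> actions for non-compliant devices."""
    now = _parse_utc(now_iso)
    findings: Dict[str, List[str]] = {}
    for dev in registry:
        actions = evaluate_device(dev, now)
        if actions:
            findings[dev["device_id"]] = actions
    return findings
```

Run at `2013-12-03T12:00:00Z`, the sweep leaves `d-001` alone, blocks the stale `d-002` and queues it for an OS update, locks `carol`'s account on `d-003`, blocks and wipes the jailbroken `d-004`, and locks then wipes the lost `d-005`. Wiring the returned actions to the MDM's remote-lock, wipe and push APIs is deployment-specific and not shown.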
MDM and Security
Addressing security is a critical component of an effective MDM strategy. Inevitably, you’ll have a laundry list of security issues that must be considered and addressed. You may need to look at security from many perspectives, including how to secure the data on the device, or the security around how a device or use is authenticated prior to enabling access to information or resources, and even how the data being transmitted is secured from tampering and ensuring confidentiality.
Security as it pertains to MDM draws on cryptographic primitives such as RSA and AES and on hash functions (MD5 is still widely encountered here, but it is broken for collision resistance and should not be used in new designs; prefer the SHA-2 family). It also involves one-time-password token services such as OATH HOTP and TOTP. You will need to pay attention to protocols such as HTTPS and LDAPS and other secure means of transmission. There are also session handlers, two-factor authentication services, secure delete, and device management capabilities including remote wipe, remote lock and remote install.
The three major components of a strong MDM security framework, and what each covers, are:
- Data access security mechanisms
  - User and device authentication
  - Authorization and policy enforcement
  - Integration with token services that leverage the existing identity management infrastructure to reach services such as Salesforce.com or Box.net
- Data-at-rest protection
  - Encrypt data at rest, both on the device and in the server-side applications and service components
  - Secure delete, with the ability to overwrite existing data
  - Protection of the keys, credentials and tokens used to decrypt data and make it available for use
- Data-in-transit protection
  - Establishing a secure connection between the device and the company's infrastructure
  - Creating and managing sessions for the required set of transactions
  - Handling HTTP requests in the appropriate manner
  - Encryption of data transmitted over the channel
Bring it all together
Scaling to support all of the possible mobility enabled devices could incur significant hardware costs and create management complexity. Even though scalability may seem like a distant concern for some enterprises, the proliferation of mobile devices and applications growing at the current rate will make that concern a reality sooner than later. Enterprises will do well to incorporate long-term scalability requirements into their plans early on.
Luckily, a variety of solutions have emerged to help organizations meet this challenge. Oracle, for example, has a suite of tools that can make it easier for organizations to deploy a strong MDM solution. They can even make it easy for employees to on-board their own devices onto the corporate infrastructure in split-liability mode.
Oracle Beehive is one such tool. It provides an integrated set of communication and collaboration services built on a single scalable, secure, enterprise-class platform. Beehive allows users to access their collaborative information through familiar tools while enabling IT to consolidate infrastructure and implement a centrally managed, secure and compliant collaboration environment built on Oracle technology.
Oracle Utilities for Operational Device Management is another example. It was developed by Oracle solely for the purpose of meeting the needs of asset management for “smart devices.” The software manages devices such as meters, access points or communication relays and communication components attached to various devices that are too complex for traditional asset management systems. It handles critical functions, such as managing and tracking updates and patches, as well as supporting governance and regulatory audits and smart grid Network Operations Center (NOC) processes.
Oracle Platform Security provides an abstraction layer in the form of standards-based application programming interfaces (APIs) that insulate mobile app developers from security and identity management implementation details. With OPSS, developers don’t need to know the details of cryptographic key management or interfaces with user repositories and other identity management infrastructures. Thanks to OPSS, in-house developed applications, third-party applications, and integrated applications benefit from the same, uniform security, identity management, and audit services across the enterprise.
These are just a few examples of the tools available that can help you design and deploy an effective MDM solution. In our next post, we’ll take a look at Mobile Access Management, another key aspect of managing mobile devices in the BYOD age.
About the Author:
Rohan Pinto is a Senior IAM Architect at Simeio Solutions who is responsible for architecting, implementing and deploying large-scale Identity Management, Authentication and Authorization (RBAC, ABAC, RiskBAC, TrustBAC) infrastructures with specific emphasis in Security.
Monday Nov 25, 2013
Sunday Nov 24, 2013
By Naresh Persaud-Oracle on Nov 24, 2013
Governments have often been the slowest to adopt new technologies - not any more. This video from the UK government's digital services strategy shares a vision for citizen services that will inspire. This phenomenon is not isolated to the United Kingdom. Across the world citizens are paying more in taxes and demanding better services. All of this is changing the way governments are thinking about security. The new experience is cross channel: mobile, social and online. If we are lucky we may never have to go back to the department of motor vehicles again.
The Pressure to transform:
Monday Nov 18, 2013
By Greg Jensen on Nov 18, 2013
Mobile computing has proven to be a game changer, revolutionizing the way we work, communicate and connect. Arguably, this revolution can trace its roots back to the personal computer, which freed individuals and organizations from the centralized mainframe operating model, and we haven't looked back since. But what is remarkable about mobile computing is the unprecedented pace of change and innovation it has brought about. Mobile devices are penetrating and transforming businesses today far faster than any previous generation of computing technology, including laptops and desktops.
Today, "going mobile" means a lot more than just modifying the content to fit a browser on a small screen size. Infrastructures can no longer afford to limit remote or mobile access to browser-based functionality. Users need access to more applications and data, from a wider variety of mobile and wireless devices.
Mobile device capabilities have reached new heights, which in turn has spurred demand for rich mobile applications that require access to private enterprise data in order to deliver functionality. These applications have become indispensable tools for end users. They are being inextricably woven into day-to-day business operations in an effort to improve productivity. In spite of the complexity, these devices are becoming a critical component of the computing environment because of their versatility.
Perhaps the single biggest driver of the mobile revolution has been the widespread adoption of “Bring Your Own Device” or “BYOD.” BYOD is the policy of permitting – or even encouraging – employees to bring personally owned mobile devices (laptops, tablets and smart phones) to their workplace, and to use those devices to access privileged company information and applications. Seemingly overnight, BYOD has supplanted the traditional policy of permitting only “corporate-liable” or “CL” devices, those that are owned and issued by the company.
The Benefits of BYOD
BYOD fosters business process efficiency by allowing employees to complete their tasks at any time and from anywhere – whether they are sales representatives, technical analysts in the field, customer-facing employees, manufacturing reps and the like. Every one of these employees needs access to data, which can enable them to make the right decisions, answer queries, come up with proposals, close deals and execute other vital tasks.
The benefits of BYOD include:
- Improved workplace flexibility and productivity with secure "anytime, anywhere" access for employees. It promotes employee satisfaction. It also increases effective employee work hours in small increments per week, which in turn translates to greater throughput from the workforce.
- Increased sales revenues from quick, reliable access to business-generating applications on employee-owned devices.
- Competitive appeal for market leadership and recruiting. Adopting innovative technology solutions such as mobility is valued by organizations for maintaining competitive positioning in their respective marketplaces.
- Reduced costs for acquiring, distributing and replacing corporate-liable (CL) devices.
- Reduced complexity and costs from internally maintaining the mobility infrastructure.
- Decreased help desk support with a reduction in the number of inbound calls for CL devices.
This is definitely not an exhaustive list, but it covers the common factors fueling BYOD adoption.
Imminent Challenges and Risks
It is not difficult to lose a smartphone or tablet, exposing confidential data to untrusted parties. Accessing and storing corporate data on private devices therefore presents unique security challenges to the enterprise. The IT security team and the CIO's office are now dealing with questions such as:
- Do our enterprise applications qualify as "secure" and "cloud ready"?
- How do we manage the security of enterprise applications when a plethora of mobile devices connect to them to access sensitive data?
- How can my company enable social trust as a means of connecting to customers and employees?
- How do we secure the digital and intellectual property that the BYOD scheme has exposed?
Some of the inevitable challenges for organizations adopting BYOD include:
- Handling the deluge of BYOD demand (tablets, smartphones, smart watches and more)
- Adapting to costs and risk that are no longer "per user" but rather "per device"
- Avoiding the risk of revolt when applying corporate lock-downs and restrictions to devices owned by the employee
- Addressing the increased threats associated with mobile
- Obtaining increased budget to address the risk of mobile
- Adopting configuration management to reduce vulnerability exposure
- Managing which apps are allowed
- Determining how to track and manage a personal device the same way as a CL device without violating personal privacy
- Using mobile as an "enabling" component of the business instead of a roadblock
There are four primary areas that are putting consumers and enterprises at risk on mobile platforms:
- Access based attacks – Privileged users who have access to more data than they should, or are using legitimate access to steal confidential data, and share or use it in ways that negatively affect the organization.
- Device loss – Loss or theft of a corporate or personal device that holds confidential data in its primary storage or on secondary memory such as removable cards.
- Rogue malicious apps – Applications that have been compromised by attackers and posted on various app stores that contain hidden payloads that steal data, initiate connections, commit outbound toll-fraud or are used as a launching point for attacks inside a trusted corporate network.
- SMS Attacks – Unwanted inbound SMS messages from attackers that trick users to take actions that can lead to installation of code or to increased carrier based charges.
Identity and Access Management to the Rescue
Luckily, corporations facing these risks and challenges don’t have to go it alone. The field of Identity and Access Management (IAM) has evolved just as rapidly with solutions designed to address key aspects of BYOD adoption:
- Mobile Device Management (MDM)
- Mobile Identity Management (MIM)
- Mobile Application Management (MAM)
IAM solution providers, including our company, Simeio Solutions, have seen tremendous growth in these areas, with new tools, technologies, methodologies and best practices designed to help organizations adopt BYOD securely and effectively.
The need of the hour is seamless and secure digital connectivity for cloud and mobile integration in order for BYOD to prosper.
Here is where a product like Oracle Mobile and Social Access Management comes into the picture. Oracle Mobile and Social Access Management enables an organization to secure mobile access to its enterprise applications. It includes a server that acts as a "secure wall" between external mobile client applications and the enterprise applications and data stores the mobile applications eventually access, leveraging the existing back-end identity infrastructure services to regulate the interaction between the two.
Oracle Mobile and Social Access Management Offerings
The Oracle Mobile and Social Access Management solution includes features in each of the following key areas: MDM, MIM and MAM.
Mobile Device Management
- Device Enrollment – Oracle Mobile and Social Service components enforce device registration as a prerequisite for access to sensitive enterprise applications and data. A "Client Registration Handle" is used to process first-time device registration after the user has authenticated via the Mobile and Social server.
- Device Fingerprinting – The Mobile and Social Access Server leverages Oracle Adaptive Access Manager (OAAM) to deliver functionality such as device fingerprinting. OAAM adds capabilities such as One Time Password (OTP) and Knowledge Based Authentication (KBA) challenges, applied according to policies and risk assessments.
- Device Blacklisting – Oracle Mobile and Social Access Services address the inherent risk of smartphone theft. They provide capabilities to blacklist or block insecure devices and to wipe sensitive security information from a device according to the threat level.
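A model of the enrollment, fingerprinting and blacklisting checks described above, and of the device handle and lost-or-stolen handling discussed in the Mobile and Social post later in this series. It is an added example, not Oracle code: the attribute names used for the fingerprint, the opaque handle format and the `allow`/`deny`/`wipe` decisions are assumptions. Two details matter in practice: registration fails unless the OTP or KBA second factor has passed, and a handle presented from a device whose fingerprint no longer matches is refused rather than silently re-bound.

```python
import hashlib
import secrets
from typing import Dict, Optional, Set, Tuple

# Assumed attributes the client app reports and that are stable enough to fingerprint.
# The jailbreak flag is deliberately excluded so the fingerprint does not change when it flips.
FINGERPRINT_KEYS = ("hw_id", "model", "os")


class DeviceRegistry:
    """Server-side device registration, per-request validation and lost/stolen handling."""

    def __init__(self) -> None:
        self._devices: Dict[str, dict] = {}   # handle -> {"user", "fp"}
        self._blacklist: Set[str] = set()     # fingerprints reported lost or stolen

    @staticmethod
    def fingerprint(attrs: dict) -> str:
        canon = "|".join(f"{k}={attrs.get(k, '')}" for k in FINGERPRINT_KEYS)
        return hashlib.sha256(canon.encode()).hexdigest()

    def register(self, user: str, attrs: dict, second_factor_ok: bool) -> Optional[str]:
        """First-time registration after the user authenticated; OTP/KBA must have passed.

        Returns an opaque handle the app presents on later calls, or None if refused.
        """
        fp = self.fingerprint(attrs)
        if not second_factor_ok or fp in self._blacklist:
            return None
        handle = secrets.token_urlsafe(32)   # opaque; carries no device data itself
        self._devices[handle] = {"user": user, "fp": fp}
        return handle

    def report_lost(self, handle: str) -> None:
        """Tag the device behind a handle as lost or stolen; its fingerprint is blacklisted."""
        rec = self._devices.get(handle)
        if rec is not None:
            self._blacklist.add(rec["fp"])

    def authorize_request(self, handle: str, attrs: dict) -> Tuple[str, str]:
        """Decide on one request: ("allow", user), ("deny", reason) or ("wipe", reason)."""
        rec = self._devices.get(handle)
        if rec is None:
            return "deny", "unknown or revoked device handle"
        fp = self.fingerprint(attrs)
        if fp != rec["fp"]:
            return "deny", "handle presented from a different device"
        if fp in self._blacklist:
            return "wipe", "device reported lost or stolen"
        if attrs.get("jailbroken"):
            return "wipe", "jailbreak detected"
        return "allow", rec["user"]
```

After `register` succeeds, normal requests are allowed; the same handle from different hardware is denied; a jailbroken device or one that was reported lost gets a `wipe` decision when it next contacts the server, and a lost device cannot simply re-register.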
Mobile Identity Management
- Mobile User Authentication – Oracle Mobile and Social Services facilitate delegation of mobile user authentication to existing and trusted components such as Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM, for strong authentication).
- Mobile User Authorization – Oracle Entitlements Server (OES), a fine grained authorization server, is leveraged to provide authorization services for mobile users based on its policy driven decision engine in order to enforce appropriate access for mobile users to backend enterprise applications.
- Social Identity support – Oracle Mobile and Social Services facilitate the usage of social internet identities such as Facebook, Twitter, Google, LinkedIn, etc., for signing on users to less sensitive applications. Many of these providers are based on open standards such as OpenID and OAuth, and this in turn can be leveraged to provide rich user experiences.
Leveraging Social Identities
Mobile Application Management
- Mobile Apps Single Sign-On (SSO) – A mobile user can run many mobile applications on the same device without having to authenticate to each application individually. The out-of-the-box software development kit (SDK) shipped as a part of Oracle Mobile and Social can be used to build and configure Mobile SSO agents which can be used as a centralized point from where authentication and SSO can be managed.
- SSO functionality is also available to web based applications in addition to inter-application SSO.
- Application Registration – In order to strengthen mobile application security, Oracle Mobile and Social services ensure application registration before allowing access to sensitive data housed within enterprise applications.
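The MDM, MIM and MAM capabilities above describe one enforcement chain at the "secure wall": a device must be enrolled (with a registration handle issued only after the user has authenticated), blacklisted devices are refused, a changed device fingerprint raises the risk level, and the final decision is made by a role-and-risk policy that one session can reuse across every app on the device (mobile SSO). The following is an added toy model of that chain written for this post; it is not Oracle's code, SDK or API. The class and method names, the policy table, the password store and the device fingerprints are all constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Device:
    device_id: str
    fingerprint: str      # constructed stand-in for a device fingerprint
    handle: str = ""      # registration handle issued after first authentication


class MobileAccessGateway:
    """Hypothetical gateway sitting between mobile clients and back-end apps."""

    # Hypothetical authorization policy: app -> (required role, max tolerated risk)
    POLICY = {
        "expense-report": ("employee", "medium"),
        "payroll-admin": ("finance-admin", "low"),
    }
    RISK_RANK = {"low": 0, "medium": 1, "high": 2}

    def __init__(self, users):
        # users: name -> (salted SHA-256 hex of password, role); constructed sample store
        self.users = users
        self.devices = {}        # device_id -> Device
        self.blacklist = set()   # device_ids blocked (e.g. reported stolen)
        self.sessions = {}       # handle -> user; one session serves every app on the device

    @staticmethod
    def hash_password(password, salt="demo-salt"):
        return hashlib.sha256((salt + password).encode()).hexdigest()

    def authenticate(self, user, password):
        record = self.users.get(user)
        if record is None:
            return False
        return hmac.compare_digest(record[0], self.hash_password(password))

    def register_device(self, user, password, device):
        """First-time enrollment: the user must authenticate before a handle is issued."""
        if device.device_id in self.blacklist or not self.authenticate(user, password):
            return None
        device.handle = secrets.token_hex(16)
        self.devices[device.device_id] = device
        self.sessions[device.handle] = user
        return device.handle

    def blacklist_device(self, device_id):
        """Block a device and revoke the SSO session bound to it."""
        self.blacklist.add(device_id)
        dev = self.devices.pop(device_id, None)
        if dev:
            self.sessions.pop(dev.handle, None)

    def assess_risk(self, device, presented_fingerprint):
        # A fingerprint that no longer matches the enrolled one raises the risk level.
        return "low" if presented_fingerprint == device.fingerprint else "high"

    def authorize(self, handle, device_id, presented_fingerprint, app):
        """Returns (allowed, reason): blacklist, registration, risk, then role."""
        if device_id in self.blacklist:
            return False, "device blacklisted"
        device = self.devices.get(device_id)
        if device is None or device.handle != handle:
            return False, "device not registered"
        user = self.sessions.get(handle)
        if user is None:
            return False, "no session"
        if app not in self.POLICY:
            return False, "unknown application"
        required_role, max_risk = self.POLICY[app]
        risk = self.assess_risk(device, presented_fingerprint)
        if self.RISK_RANK[risk] > self.RISK_RANK[max_risk]:
            return False, f"risk {risk} exceeds policy ({max_risk}); step-up required"
        if self.users[user][1] != required_role:
            return False, f"role {self.users[user][1]} lacks {required_role}"
        return True, "ok"


def demo():
    """Walks one device through enrollment, SSO use, a fingerprint change and blacklisting."""
    gw = MobileAccessGateway({"alice": (MobileAccessGateway.hash_password("s3cret"), "employee")})
    phone = Device("phone-1", "fp-abc")
    handle = gw.register_device("alice", "s3cret", phone)
    results = [
        gw.authorize(handle, "phone-1", "fp-abc", "expense-report")[0],  # allowed
        gw.authorize(handle, "phone-1", "fp-zzz", "expense-report")[0],  # fingerprint changed
        gw.authorize(handle, "phone-1", "fp-abc", "payroll-admin")[0],   # wrong role
    ]
    gw.blacklist_device("phone-1")
    results.append(gw.authorize(handle, "phone-1", "fp-abc", "expense-report")[0])
    return results
```

The ordering of checks in `authorize` is the point: a blacklisted or unregistered device is refused before any risk or role evaluation, and `blacklist_device` tears down the device-wide session so every app relying on SSO loses access at once. In a real deployment the fingerprint comparison and step-up decision would come from OAAM and the role policy from OES, as the post describes; here they are reduced to a string comparison and a dictionary.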
Oracle Mobile and Social Access: The Big Picture
Mobile computing is here to stay. Along with its many luxuries, its penetration has introduced new complexities and challenges to organizations. They cannot afford to fall back on user awareness and user agreements to provide security. The question is no longer about allowing or denying mobile access. The question for today is about effective management.
This post is just the first in a 4-part blog series. In our next post, we’ll have in-depth coverage of Mobile Device Management (MDM).
About the Author
Abhishek Gupta is a Senior IAM Engineer at Simeio Solutions. He has over 5 years of experience in the IAM space and has been involved in design, development and implementation of IAM solutions for Simeio's customers with a prime focus on Oracle IAM Suite.
Friday Nov 08, 2013
By Greg Jensen on Nov 08, 2013
Is your organization just starting its planning for Identity Management 11gR2? Are you unsure what the technical and business value gains are in upgrading to Oracle's 11gR2? Or are you planning for the upgrade and just unsure of what to expect?
In this webinar, experts from Oracle and AmerIndia will discuss the new features of 11gR2, latest market trends, and how IAM transforms organizations. In addition, planning and implementation strategy of the upgrade process will be discussed. The presenters will also share success stories and highlight challenges faced by organizations belonging to different verticals and how Oracle’s solutions and AmerIndia’s services addressed those challenges.
- Market trends and 11gR2
- Planning an upgrade
- Approach and Implementation Strategy
- Success stories
Wednesday Oct 30, 2013
By Greg Jensen on Oct 30, 2013
For Registration and Information, please follow the link HERE
Sign up for one of the following events below
Americas - Tuesday - November 19th / 9am to 1pm PDT / 12pm to 4pm EDT / 1pm to 5pm BRT
APAC - Thursday - November 21st / 10am - 1:30pm IST (India) / 12:30pm - 4pm SGT (Singapore) / 3:30pm -7pm AESDT
EMEA - Tuesday - November 26th / 9am - 1pm GMT / 1pm - 5pm GST / 2:30pm -6:30pm IST
Wednesday Oct 09, 2013
By Naresh Persaud-Oracle on Oct 09, 2013
Every business is looking to take advantage of the new digital experience to connect with customers. This has become the new strategic imperative of companies all around the world. A recent article in the Sloan Management Review provides some insight into the barriers organizations are facing as they embrace the digital transformation.
For many customers, trust is an important barrier to engaging. Ease of use without security and trust is not enough to get customers to participate. For a more detailed analysis or bedtime reading on how the trust deficit reduces business activity, this Wall Street Journal Article on "How the trust deficit is hurting our economy" provides some good evidence. The net is that our level of economic activity is directly related to our level of trust in the institutions we do business with from banks to retail stores online.
For many organizations, security and trust are the major barriers to enabling customer participation in the digital revolution. The video below was recently created by the customer experience campaign to highlight how experience is critical to customer loyalty.
Friday Oct 04, 2013
By Greg Jensen on Oct 04, 2013
As more organizations develop mobile applications that access ever increasing levels of sensitive data, it is critical that standard security policies can be applied, whether coding native, hybrid or mobile browser-based applications. This session, from OpenWorld 2013, will teach you how to code your mobile applications to gain access to Oracle's Mobile Access Management services including device registration, authentication, authorization, step-up authentication and single sign-on. If you missed this, or would like a second opportunity to see this presentation in slide form, join us by checking out "Developing Secure Mobile Applications" today.
Tuesday Oct 01, 2013
By Naresh Persaud-Oracle on Oct 01, 2013
A recent Cisco report estimates that by 2020 there will be more than 50 billion devices worldwide while the human population will still be under 8 billion people. This short-term trend will change the landscape of identity and access management and change the security requirements of enterprises everywhere. While today security executives are concerned with mobile phones and laptops, tomorrow they will be concerned about automobiles, aircraft and projectors on their networks. Each device is a new identity and each user that interacts with the device has a separate context. As a reference, see the paper Identity at Internet Scale. Here are some of the new security requirements:
- Multi-user devices
- Dynamic user volumes
- User authentication on the device
- Service availability
- Encryption of data at rest and in flight
- Secure container on the device
- Device authentication
- User authentication
The devices themselves will interact very differently since they must now communicate with other devices and humans. Here is a great YouTube video that paints a very interesting and perplexing picture of the future.
From the video, a few interesting things happen.
- The device communication is very personal and follows our social media conventions
- The devices must trust the people involved in the interaction and people have to trust the devices
- The scale of the interaction grows geometrically as more devices and users collaborate
Here are the slides from the recent CSO Summit at Open World. Oracle's approach is a singular platform for all devices that manage device identity and user identity.
Oracle OpenWorld 2013: Leveraging the Cloud to simplify your Identity Management implementation (CON8836)
By Greg Jensen on Oct 01, 2013
Applications moved into a managed cloud environment need Identity and Access Management services to ensure user accounts, passwords and roles are all managed properly for the purposes of Security and Audit. In this session, we’ll discuss the key considerations for a Hosted Private Cloud deployment of Oracle applications integrated with Oracle Identity Management Suite to provide self-service account provisioning and federated Single Sign-on (SSO) for an organization’s internal and external users. You will also hear from a customer on how their key business requirements were addressed with Managed Identity Services from Oracle running at Oracle. This was one of many highly attended conference sessions at this year's Oracle OpenWorld 2013. If you missed this, or would like a second opportunity to see this presentation in slide form, join us by checking out "Leveraging the Cloud to simplify your Identity Management implementation" today.
By Greg Jensen on Oct 01, 2013
With new computing technologies transforming business, is your underlying directory infrastructure ready to support mobile, cloud and social networking? How can I simplify my directory architecture while delivering high scalability, availability and performance? How do I leverage the directory to easily make my applications location aware and social relationship aware? How do I migrate existing directories to OUD? How do I optimize OUD performance on T5/T4 hardware? This was one of many highly attended conference sessions at this year's Oracle OpenWorld 2013. If you missed this, or would like a second opportunity to see this presentation in slide form, join us by checking out "Next Generation Optimized Directory" today.
Monday Sep 30, 2013
By Greg Jensen on Sep 30, 2013
Access governance has become more complex as regulations have increased and audit controls now span multiple applications. Audit requirements for single applications are simple by comparison to multiple-system requirements. As the number of applications increases, streamlining becomes more important. In this session, David Cusick, Group Information Security Director at Zurich Insurance, shares his learning experiences from streamlining access governance. Join David for an encore presentation of this webcast, hosted by ISACA.
Friday Sep 27, 2013
By Greg Jensen on Sep 27, 2013
John Houston, Vice President of Privacy and Information Security, Associate Counsel at UPMC, and President of CloudConnect Health IT, presents this informative webinar, in which he discusses how IdM allows health care organizations to securely unlock the potential of health care IT. Join us for this encore presentation with John Houston!
Monday Sep 23, 2013
By Greg Jensen on Sep 23, 2013
Is your organization emphasizing an approach of developing privacy and security within every aspect of your application architecture? Are you a software developer struggling to understand how to merge privacy and security into your code? Are you a systems integrator working to keep up with the latest regulatory, compliance and privacy needs and how to bring these into your customers' environments? Or are you a corporate CISO/CIO wanting to understand how your organization should be developing the strongest Privacy and Security processes?
Today, we are pleased to announce publication of a paper entitled “Privacy and Security by Design: An Enterprise Architecture Approach,” written by Ann Cavoukian, Ph.D., Information & Privacy Commissioner, Ontario, Canada, and co-authored by Mark Dixon from Oracle.
In the foreword to the paper, Dr. Cavoukian wrote:
In an earlier paper with Oracle, we discussed the convergence of paradigms between the approach to privacy I have long championed called Privacy by Design, and a similar approach to security called ‘Security by Design.’ The current and future challenges to security and privacy oblige us to revisit this convergence and delve deeper. As privacy and security professionals, we must come together and develop a proactive approach to security – one that is indeed “by design.” To this end, I am delighted to be partnering with Mark Dixon, Enterprise Architect, Information Security, at Oracle Corporation, on this joint paper.
This paper has two key objectives:
- Define a set of foundational “Security by Design” principles that are modelled upon and support the 7 foundational principles of Privacy by Design.
- Illustrate an enterprise-level process for defining and governing the strategic journey of Security by Design through an enterprise architecture approach.
To achieve these objectives, the paper includes the following major sections:
- Foundational Principles of Privacy by Design
- Foundational Principles of Security by Design
- The Enterprise Security Journey
This is a great opportunity to hear some of the best practices being recommended by both Oracle, and leading government agencies to understand how Privacy and Security should be factored in, across the board.
Click on the link to get access to the Privacy by Design page, which hosts not only the whitepaper but also a great video with Ann Cavoukian outlining some of what you will learn in this paper. We hope this paper will assist developers, integrators and enterprises to deliver stronger security and better privacy for all of their stakeholders – a win/win proposition.
Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.