Monday Apr 29, 2013

Centrica webcast follow up - key takeaways and Q&A

Thank you to everyone that joined us on Thursday, April 25, 2013 for the Centrica webcast.  Chris Wilton, Senior Project Manager at Centrica, and Ben Bulpett from aurioPro SENA were the guest speakers.

If you missed the webcast, you can register for the replay here: Centrica Webcast Replay

Here are a few of the key takeaways that were discussed during the webcast:

Key Business Drivers:

  • Centrica needed to simplify log on to SAP, which is a critical business app
  • Wanted to reduce the number of passwords
  • Wanted to automate password resets
  • Wanted to reduce the number of helpdesk calls
  • Centrica wanted to be able to rapidly deprovision accounts for users that leave the organization

Cenrtrica wanted contingency plans in place should an ESSO outage occur

Centrica and aurionPro SENA used several Oracle products were used to achieve the desired results, some in place before this project.  They include:

Oracle Access Manager (OAM), Oracle Virtual Directory (OVD), Oracle Identity Manager (OIM), and Oracle Identity Federation (OIF)

 The project was completed in 60 days and provided a ESSO capability for HR and Payroll, with the ability to add additional applications in the future.  Over 45,000 internal and external users now have access provided by this system.

Here are some additional questions and answers related to this project:

Who sponsored the project within Centrica?

The project was initially sponsored by the Head of IS Power Generation, due to the number of passwords that Power Station staff were required to remember. However, as the requirement for a truly enterprise solution became more pressing, the sponsorship moved into the SAP Competency Centre.

Why did Centrica embark on another Identity Project after the original implementation?

The initial identity project did not implement federated identity, partially as there was an existing SSO solution within the British Gas business and there was not a requirement for an enterprise solution at the time the original ID project was put in place. Once the requirement was there to look at SSO on an enterprise level, leveraging the existing work that had been done.

How is the system managed and what service levels are required?

The solution is managed by our colleagues in British Gas, with the support element currently being undertaken by Infosys. Availability is as per the main IAM solution, with 99.5% availability and 24x7 support in place. RTO 30mins RPO 15mins

If you were to embark on the project again knowing what you do what would you change?

The intergration with the SAP Netweaver Portal v7.3 was the most challenging part of the project – we were unable to find any other company that had configured SAP Netweaver 7.3 to accept SAML 2 and initially didn’t have the necessary knowledge or resources to be able to implement this to begin with. Through a mix of extensive reading, coupled with trial and error, we were able to integrate the system. Specialist resourcing on the SAP side of things was the biggest lesson we took forward from this.

Friday Apr 26, 2013

Globe Trotters Edition: The Economic Impact of Security

Author: Ricardo Diaz

News on cyber crime recently made front page news.

Vast majority of global cyber-espionage emanates from China, report finds -Washington Post April 2013.

The economic threat of cyber crime is serious, has and will impact our daily lives and unfortunately been a threat most businesses haven't taken serious for decades. Rather, for decades, we have mis-directed our efforts to focus elsewhere as opposed to what really needs to be protected - our data or intellectual property. Economic Espionage is a threat you, your business and organizations you do business with should take a long, hard look at before your next security investment.

Mis-directed? You know what I am talking about. Consider what we think about the "real threat" of cyber crime. Some punk teenage hacker, hyped up on Redbull and Pixie Sticks, whose sole focus is to create havoc by breaking into your home PC or defacing your corporate website before he runs off to his next all night rave. This is the common portrayal of threat that we come across on media. Unfortunately this highlights a common misconception that most security threats are carried out to either hack your wallet or hack some government facility to crack into a top secret military facility.

Why would a major World Power be interested in our corporate data? Simple... It's the power of economics and competitive advantage! The economic impact of losing corporate intellectual property to a competitor, most business executives understand. What they don't understand is where is the threat coming from, if this ever happens to them and how common economic espionage attacks happen frequently and not from traditional places or people we thought.

Still, how does this impact you? Well, "everyone gets burned if you think about it", is how a fellow security mate of mine put it. The cost of data loss = loss of credibility, stock price going down, liability lawsuits, cost of compliance, brand tarnished and maybe your job. It may impact your job because not enough investment may be made in your projects, additional resources or financial incentives cut down, meanwhile as you send out your résumé, how attractive is it to put that tarnished company name on it? Not very!

Everyone is impacted!

What specifically is under attack or being stolen? It's not the devices or the systems but the data on it. What is the bigger threat? Losing your iPhone or losing the data with those passwords on it? Yes, that's right... The threat of Data loss, now more than ever, not only is on the inside of your business but now travels in our pocket, bags and purses of your employees everyday. Thank you BYOD to work!!

So, what is to be done? Secure the data by building data security controls and access controls and of course building a compliance process around it all to keep it all in check and prove compliance. Realize security is not orthogonal to business growth/profit, Security can save the cost we talked about earlier and actually create business opportunity (reach out to new customers using secure social media, attract new talent with BYOD, bring agility with secure cloud). We just need to think differently about security it is not wires, padlocks, just firewalls or multiple authentication controls; instead we should take a holistic approach to securing your data.

Hence why I love working at Oracle and with the global security team. There is no better place for a security technology aficionado than at Oracle. Massive R&D investments in security acquisitions (over $1 Billion In Identity Management since 2004), industry leading technology (Leaders position in Magic Quadrants in Identity Management for years), a plethora of thought leaders and cutting edge innovations (e.g. Oracle Mobile and Social Access Management - see SUPERVALU use case) are the hooks that have kept me planted at Oracle for the past 9 years. Where else can one find a security technology solution to enforce Separation-of-Duty (SoD) policy, automatically across the enterprise? Only Oracle.

The economic impact of security related threats to your business is real. Pay attention to WHAT is being stolen (corporate data - intellectual property) in these cyber crime attacks! In this day and age, gaining a competitive advantage has never been easier thanks to cyber espionage. Why develop or research when I can appropriate what I need via my competitors weak technology infrastructure, information security policy and process??

This risk can be mitigated and reduced, significantly, by investing in a risk intelligent, Oracle enterprise security architecture, built to Secure the Digital Experience, Data Centers, Applications and The Cloud. Learn more at www.oracle.com/security

Image Courtesy: thehackernews.com, siliconangle.com

Bio

Who is Ricardo Diaz?

Husband, father, technologist, identity management, security and privacy adroit, CrossFitter, ESPN addict and dog lover!

For the better part of my 17+ years as an enterprise security architect, consultant or business advisor, I have traveled many miles across this great planet of ours, to sit down with customers to help evaluate and better understand what the real threats are, how important it is to protect their data/users and put the proper controls/policies/processes in place to mitigate risks.

Thursday Apr 25, 2013

Securing Your Cloud Experience the IRS way

This week we have focused our attention on how to secure cloud deployments since Security continues to be the biggest deterrent in adoption of cloud technology by enterprises. In fact, in a recent OAUG user group survey, 62% of organizations reported concern over losing visibility and control over their data and overall cloud strategy due to proprietary technologies.

The key then is to:

  • Identify the top security challenges with the cloud deployment and address those,
  • Recognize that Security silos only exacerbate the problem and not address it,
  • Standardize with an integrated security platform that is extensible enough to support your on-premise and cloud deployments and offers end-to-end auditing and reporting.

Whether you are an enterprise looking to push applications in the cloud, host cloud services or build using cloud services, an IRS approach will allow you to enforce security, manage regulatory compliance and at the same time, reduce operational costs.

If you missed it, catch the screencast now.

And, download the informative whitepaper to learn how you can unlock the potential opportunities that cloud offers without compromising your user and data security. And, get the complete middleware picture on the Social, Cloud and Mobile imperative by visiting here.

Oracle Identity Management is built on the platform approach to allow you to leverage proven identity solutions across your entire infrastructure. We leave you today with a video of SaskTel, a leading communications provider in Canada, on how the company is leveraging Oracle Identity Management in-house to reduce OpEx and is also offering secure cloud services to its customers scaling the solution across millions of users.

Wednesday Apr 24, 2013

What is Your Cloud Security Forecast?

Photo courtesy: www.cloudtweaks.com

You don’t like losing control – that is human nature. In your personal life or professional – whether you are an IT architect, a manager, developer, a DBA or an executive, you never like losing control or not knowing a situation or an outcome. But a cloud deployment is exactly that – where you don’t have a 100% control over or insight into the security framework that govern your applications or data in the cloud.

The problem is further exacerbated with latency and fragmentation. If it is not the same security policies that govern your enterprise infrastructure and your cloud deployment, duplicating security policy data in multiple places will complicate policy enforcement. Fragmentation, in turn, creates latency where a change in the system is not detected or acted upon immediately making your cloud systems vulnerable. If, for example, your employee changes jobs, unless the HR system is immediately able to trigger a revocation alert/workflow across all the applications and systems – both in-house and in the cloud, you may have inadvertently allowed unauthorized (and potentially damaging) access to your applications and data.

Of course, then there is audit and compliance. If you are a financial institution your cloud has to provide reporting to address the BASEL 2 requirements or you will incur financial penalties. If your cloud hosts your General Ledger – your cloud has to provide Sarbanes Oxley (SOX) certification. If your customers are in Europe, your cloud has to comply with the European data privacy directive. How do organizations, such as yours, provide timely compliance reporting and remediation if you don’t have visibility or if recent actions aren’t immediately recorded. Fragmentation and latency, thus, impact audit and compliance reporting. Simply put, if you don’t know about it, you can’t accurately report on it.

So, if fragmentation and latency are the issues, a standardized platform must be the antidote! Having a complete, standardized security and identity management platform will allow you to enforce uniform security policies across all your resources – on-premise or hosted. A platform approach implies seamless integration within components thereby getting rid of security and identity silos. A platform approach implies interoperability so that the framework works for your complete heterogeneous infrastructure. A platform approach affords scalability- you can support thousands or millions of users across the myriad of resources. You can scale to what the new digital experience requires!

Thanks to Oracle’s large and advanced customer base, the company realized the rationale for the platform approach to Security and Identity Management early on. Oracle offers the industry’s first Identity Management platform that is proven to be extensible enough to support your internet scale.

Learn more about Oracle’s platform approach to Identity Management and how you can leverage Identity services at internet scale. Download the free whitepaper today.

And for more information and resources, visit Oracle Identity Management on oracle.com today.


Tuesday Apr 23, 2013

SUPERVALU Manages Access for 2000+ Tablet Computers to Bring Innovation in Business

SUPERVALU is a national grocery retailer and wholesaler with more than 2,200 corporate-owned stores and approximately 2,500 independent franchises. It is also one of the largest food distributors in the country, serving more than 4,300 retail end points via its supply chain and support services.

In our previous posts, we have shared with you a brief video featuring Phillip Black, IT Director for Identity and Access Management, SUPERVALU where he discussed how SUPERVALU is enabling their 2000+ store managers with iPads so they can spend more time interfacing with customers than navigating applications and inventory. Oracle Identity Management is the enabling technology for securing mobile access. We also discussed the IDC write-up on this topic and the recent announcement that was made.

Now check out this recently released snapshot that discusses how SUPERVALU is innovating business and unlocking the huge potential of social and mobile in the retail sector powered by Oracle Identity Management.

Monday Apr 22, 2013

Addressing the Top 5 Cloud Security Challenges

As we talk to organizations around the world, it is clear that most consider Cloud as the biggest opportunity today to reduce cost. To any organization, cloud offers numerous advantages – business agility, reduced operational costs, scalability, improved performance and more. With cloud deployments ranging from private to hybrid to public, the scale of benefits vary but so do the risks.

Going up the cloud continuum from on-premise to private to hybrid and then public cloud, IT’s control and visibility into security policies decreases.

Private clouds give organizations greater control over security and data privacy, compliance, and also quality of service, since private clouds can manage network bandwidth and implement optimizations that public clouds don’t allow. But much like your enterprise, risks arise from privileged access and insider threats. In the public cloud, policies are managed by an outside 3rd party which is the cloud service provider. A shared environment in the public cloud also causes security and compliance concerns. A hybrid cloud, by its very definition, encapsulates both the benefits and the risks of both the private and public clouds.

As we move through the spectrum, security policies get more and more fragmented as we duplicate policy data in multiple places. Consequently, latency also increases and risk increases exponentially. Add to that the compliance and governance issues and it is no wonder that Security continues to be the #1 barrier in cloud adoption. In fact, according to the “Private Cloud Vision vs. Reality”, InformationWeek Report, 2012, 82% of organizations say security and data privacy concerns are one of the main reasons they are phasing out, or have decided to not use, public cloud.

So, where best to focus your efforts so as to leverage cloud without risking security? A recent CSO Online survey of Chief Security officers found that the top 5 security concerns for cloud were all related to mobile data access, regulatory compliance and managing access to the data and the applications i.e., Identity Management.

Organizations that move applications into the cloud have to bridge the gap between the enterprise and the cloud by providing standardized security framework around data security and application access. Take some time to watch this brief screencast and learn how you can manage security risks, address governance issues while unlocking the full potential of the cloud.


Friday Apr 19, 2013

A Recap of Security as a Business Enabler

This week, we talked about how a Security Inside out approach enables organizations to leverage security for their cloud deployments – whether public, hybrid or private. We will continue the conversation on cloud security next week.

Today, we recap our discussion on how Security today is not just about brand and reputation protection but it is actually a business enabler. Here’s a brief screencast with Oracle product marketing director for Security, Naresh Persaud, on how organizations can leverage security today to unlock the business potential from opportunities like cloud, mobile and social.

The key take away – build security within and at the get go but make sure to have a scalable approach to security. Oracle recommends a platform approach to security where security serves as a framework for your entire infrastructure and extends to your application & data in the cloud, or accessed across any device using social or other logins. Access this whitepaper to learn how you can have Identity Management for internet scale built in your IT program.

Feedback? We’d love to hear it. Do send us your comments.

Thursday Apr 18, 2013

Centrica drives down operational cost by implementing Single Sign On using Oracle IDM

Centrica Plc is an integrated energy company operating in 7 countries including the U.K. and U.S. that supplies electricity and gas for 30 million consumer and business customers.

In an effort to drive down operational costs due to password resets for their critical business applications, Centrica engaged aurionPro SENA to help them explore the most cost effective options.

The project goals were to:

  • simplify user log on to SAP
  • reduce the number of passwords
  • automate password resets
  • reduce the number of help desk calls (related to password issues)

To find out more about the Enterprise Single Sign on system designed and implemented for this project, join us on April 25, 2013 @ 10:00 am PST for a webcast featuring Chris Wilton, Senior Project Manager at Centrica, Ben Bulpett, Alliances and Enterprise Account Director at aurionPro SENA, and myself (Darin Pendergraft, Product Marketing, Oracle)

We will discuss the project and will have an opportunity for live Q&A.

Click Here to Register! 

How to Mitigate Risk in the Cloud

Yesterday we talked about how risk varies with the type of cloud deployment with public clouds posing greater risk than hybrid or private. Thankfully, a built-in security approach offers you protection for either of those deployments. Irfan Saif, Principal at Deloitte goes through the top 5 things you need to consider to mitigate the risk in the cloud and bolster security.

Watch the 3rd in the series of CIO Insights video and get the experts’ insights to find out how to build security in your cloud strategy. Mark Sunday, Oracle’s CIO hosts the executive panel.

Wednesday Apr 17, 2013

Different Clouds Equal Different Risks

Earlier this week, I posted the first in a series of three video CIO Insights series on the Top 5 Things to Look for in a Cloud Provider When It Comes to Security.

The second video here underscores the fact that not all clouds are the same. The risk level varies based on the type of cloud deployment. The risk increases proportionally with the distance from your enterprise, meaning as you go from private to hybrid to public cloud, the risk increases substantially. So, how do you manage risk and maintain audit control across your cloud deployments?

Watch this video where Oracle CIO, Mark Sunday discusses this very issue with Gail Coury, Vice President, Risk Management at Oracle and Irfan Saif, Principal at Deloitte. Learn how secure authentication and centralized authorization play a crucial role in securing your cloud deployment.

Tuesday Apr 16, 2013

5th Annual EMEA Customer Advisory Board held in Vienna, March 18 - 20, 2013

This year the EMEA Customer Advisory Board (CAB) was held in the beautiful city of Vienna, Austria.  Representatives from Oracle product management and engineering teams met with customers from all over Europe to discuss market trends, product direction, and to get feedback on current products.

Day 1 focused on updates since the last CAB meeting, including the launch of 11gR2, the state of the IDM business, and featured updates from the Directory Team, the Access Management Team and the Identity Governance team.

Day 2 contained moderated discussions focusing on Mobile Identity Management, Cloud Identity Management, and Enterprise IDM.  The first of three customer presentations was delivered by Vodafone Romania who discussed how they are using Oracle IDM.

Day 3 contained customer presentations by BT and Turkcell, followed by breakout sessions, on topics ranging from risk management to upgrade & migration strategies.

Overall, this CAB was a very big success, and proved beneficial to both the Oracle Product Teams who collected valuable feedback from customers, and for customers to hear directly from the product teams about upcoming product road maps and direction.  Several customers also mentioned that they really enjoyed hearing about other customers' implementations and plans.

Thank you to all that attended, and a special thank you to those customers that presented! 

With You, Boston

Boston Marathon

Our thoughts and condolences go out to all affected by the tragedy at the Boston Marathon.Our tribute to the resilient city, Boston, and its brave residents.

Monday Apr 15, 2013

Top 5 Things To Look For In A Cloud Security Provider When It Comes To Security

Recent surveys confirm that security continues to be the number one barrier in cloud adoption. The impact of a security breach or failure to meet regulation guidelines is too large to ignore. So, how do you keep control of security for your data and applications in the cloud?

Cloud security is a discussion that needs to happen between you and your cloud provider. This week we tackle an important aspect of cloud security – what are the top 5 things YOU need to ask your cloud provider when it comes to security. The CIO Insights Series explores organizations' top security and risk management considerations in the cloud as well as the framework for your security discussion with your cloud provider. Here’s the first in a three part CIO Insights Series video featuring an experts panel - Oracle CIO, Mark Sunday, Irfan Saif, Principal at Deloitte and the VP of Risk Management at Oracle, Gail Coury that tackles this important topic of discussion.

Friday Apr 12, 2013

Virgin Media goes underground with Oracle IDM - webcast wrap up

On Wednesday, we told you how Virgin Media used Oracle IDM to allow everyone riding the London Underground to use their free Wi-Fi service.

Perry Banton from Virgin Media and Ben Bulpett from aurionPro SENA delivered a great webcast where they discussed how the project was funded, the architecture they chose, and how they overcame the inevitable roadblocks to deliver world class Wi-Fi to the underground.

If you missed it, register here for the replay.  http://event.on24.com/r.htm?e=558738&s=1&k=C9A6E9B7B1FD0238CF2816D5F8510694

We had some good questions about the project, so I'm putting them and the responses below:

Who sponsored the project within Virgin Media?

Mobile and Broadband Marketing teams were the main sponsors. These teams wanted to offer a value-add to the business. Providing a new service offering was compelling to the business.

With such tight timeframes what project approach did you use?

The start of the Olympics was a hard deadline, and free wi-fi was promised by the start. Agile planning, sprints, and checks were used. Short segments were rolled out. Personal devices were used to test the service, testing was very much crowd sourced – all available platforms had to be tested.

Is the service device specific?

No – a range of platforms were supported and tested. The requirement was to be device independent.

Why did you not build another large directory consolidating the back end LDAPs, instead of Oracle Virtual Directory?

There were some data ownership concerns, and the various departments didn’t want to give up management of their customer data, also they didn’t want to setup another LDAP, so a decision was made to use virtual directory technology. Virtual directory also provided a better platform for building future services.

How is the system managed and what service levels are required?

Geographically dispersed data centers were used. Performance and availability were considered a gold service within Virgin Media – which means there would be brand impact if the service became unavailable. Virgin and SENA provided real time management, with an incident response SLA within minutes of problem detection. Oracle Enterprise Manager was used to view system performance and availability.

How much of the service were SENA actually involved in?

Virgin and SENA have been working on architecture and roadmap for a long time. SENA are a gold Oracle partner with extensive experience in IDM implementations, so Virgin engaged SENA for the implementation and support services.

I'm not clear on why entitlements came into play. Were this VM customers authenticating with their email addresses? Was this not open to the general public and if so, I'm guessing you "relied" on whatever email addresses they provided?

OES came into play when VM launched the fee paying service and only wanted certain customers to gain access based upon their subscription with VM.  For the Olympics only OVD was used as a way of aggregating email addresses across the back end platform as the service was “open” to anyone with an email address

Thursday Apr 11, 2013

Drive Innovation, Get Recognition: Oracle Excellence Awards Call for Nomination

Doing something different with your Identity Management implementation? Taking your deployment beyond basic automation? Solving unique challenges for your organization? Or contributing to business growth or innovation with your Identity Management deployment? Then you are the one who we want to hear from.

The call for nomination for the 2013 Oracle Excellence Awards for Oracle Fusion Middleware Innovation is now open. Submit your nomination for Innovation in Identity Management. These highly coveted awards honor customers like you with cutting-edge use of Oracle Identity Management solutions to solve unique business challenges or create business value. Winners are selected based on the uniqueness of their business case, business benefits, level of impact relative to the size of the organization, complexity and magnitude of implementation, and the originality of architecture. Aside from recognition from the IDM community and Oracle executives, customer winners receive a complimentary pass to Oracle OpenWorld 2013 in San Francisco (September 22-26) and will be honored during a special awards ceremony at Oracle OpenWorld. 

For consideration and follow-up, please send a note to Matthew Berzinski. And note that the call for nominations closes at 5 pm PDT on Tuesday, June 18, 2013.

So, give us a shout and get recognized for your work and accomplishments. We look forward to hearing from you.

Wednesday Apr 10, 2013

Virgin Media Secures Wi-Fi for London Underground with Oracle Identity Management

In preparation for London Olympics 2012 that would bring millions of additional passengers - athletes, support crews, vendors, and spectators to London, the task of providing free, secure Wi-Fi services to the London Underground went to Virgin Media.

Virgin Media is the UK’s first combined provider of broadband, TV, mobile and home phone services. Find out how Virgin Media used Oracle Identity Management, Oracle Virtual Directory, and Oracle Entitlements Server to leverage back-end legacy systems for the London Underground Wi-Fi project; systems that were never designed to be externalized.

Learn more about the Wi-Fi project and how Virgin Media is scaling the project to deliver true place-shifting—allowing subscribers to watch pay-per-view assets from any device, anywhere.

You may also want to check out the on-demand webcast with experts from Virgin Media, their implementation partner, aurionPro SENA and Oracle to get more context. And here's the link to a recent newsletter feature on Virgin Media's IDM implementation.

Questions? Send us your comments and we will get those answered right away.

Tuesday Apr 09, 2013

#PrivQA Chat Archive Published

Last week Michael Neuenschwander, Senior Director at Oracle hosted a live conversation on Privacy on twitter. We were honored to have Dr. Ann Cavoukian, Ontario Commissioner for Information and Privacy join #PrivQA chat and contribute actively to the discussion.

The conversation centered around recent privacy news stories like the Indian Government's project, Aadhaar and the privacy concerns around that among other current topics. There was discussion on private sector's role in enforcing privacy and security by embedding it in their strategy, processes and systems. The discussion also got into the difference between privacy and security and how one may facilitate the other but not necessarily enforce it. IDM and Privacy experts and enthusiasts also discussed how and why organizations can be motivated to think about embedding security and privacy from the get-go rather than bolt those on afterwards.

Here is the link to the discussion archive. We encourage you to continue the discussion and share your feedback. And if you have other topics in mind for a discussion, do let us know!

Friday Apr 05, 2013

Yarra Valley Water utilizes Oracle Identity Management

Yarra Valley Water (YVW) is the largest of Melbourne’s three water retail businesses. Owned by the State Government of Victoria (Australia), YVW provides water supply and sewerage services to over 1.7 million people and over 50,000 businesses in Melbourne’s northern and eastern suburbs, including some recycled water and trade waste customers.

YVW needed to automate account provisioning for both its partners and end users so that they have easy yet secure online access to YVW applications. Check out this video to find out more about YVW’s use case and how Oracle Identity Management helped.

Wednesday Apr 03, 2013

Of Privacy, Security and Compliance – Facts and Such

FACT: Live tweet chat tomorrow, Thurs, Apr 4 at 10 am PDT/ 1 pm EDT, on Privacy featuring well known Privacy expert and the Commissioner for Information & Privacy for Ontario, Dr. Ann Cavoukian along with other industry thought leaders.

OPINION: Privacy is the not the same as Security which is not the same as Compliance. And yet you need all three to not only protect your brand and to manage customer relationships but also to enable business growth via traditional, social, mobile and cloud computing channels.

OPINION: The common denominator across Privacy, Security and Compliance is Context. For Privacy, you need to be up front about what you are going to disclose, to whom, for what purpose, when and via what channel(s) and perhaps the scope of disclosure too. For Security, you need to understand authentication, authorization and administration context. Who needs access to what, when, for how long? And btw, has it been verified that you are who you say you are? If not, I’d need context for your user authentication. For compliance and audit, again the question – who has access to what, approved and administered by whom, when and what the person did with that access. So, context is key!

OPINION: Contrary to popular belief, Privacy, Security and Compliance are not at cross-hairs with business growth or user experience. Customers who know their information, interactions are secure when dealing with your organization tend to make for happy, satisfied and loyal customers. Allowing seamless yet secure access via social and mobile channels or enabling access to cloud applications securely – all part of the master plan to enable friendly user experience and customer trust intact.

OPINION: No one size fits all for defining Privacy, Security and Compliance plans. Regions, industries, business units and more all add to the mix. So, while it makes sense to build in Security, Privacy and Compliance in your architecture plans versus bolting it on afterwards, IT or Privacy teams alone can’t be the sole stakeholders.

FACT: All opinions are incidentally up for debate and discussion. We will be hosting and participating in the Privacy conversation tomorrow. Feel free to challenge us, ask your own questions and add your commentary. #PrivQA tmrw at 10 am PDT/ 1 pm EDT on twitter

FACT: We look forward to hearing from you!

Tuesday Apr 02, 2013

You do know you are on camera...don't you?

On Thursday, Dr. Ann Cavoukian, Ontario's Commissioner of Information and Privacy will be joining the IDM team for a live Twitter chat about privacy.  Here are the details:

--- 

Live Twitter Conversation with the Ontario Commissioner of Privacy

Thursday, April 4, 10 a.m. PDT/1 p.m. EDT

Join on twitter using #PrivQA

---

This got me thinking about privacy, and how cameras have silently invaded all aspects of our lives.  Security cameras are not new: see the video below.

OK - it's clear this guy expected a camera to be on him when he breaks in, but somehow he didn't expect the camera to be watching him before...?  And, what's up with those crazy pants?  But, I digress...

Cameras in stores, cameras in office buildings, traffic cameras - and now that your phone is a camera, they are with you everywhere you go.  It used to be: "hey that's a good picture, can you email it to me?" now we say, "hey that's a good picture, can you post it on Facebook so everyone can see?"   Instagram has over 100M users now, and it's clear that the younger generation is definitely very comfortable sharing their pictures with anyone and everyone.

There used to be a lot more complaints and resistance to cameras being everywhere, with the fear that the government was getting into every aspect of our personal lives.  The truth is, we are voluntarily exposing ourselves!

So with cameras everywhere, is your life private? 

Securely Social SuperMarkets: SUPERVALU Embraces Secure Social and Mobile

Oracle announced today that SUPERVALU is leveraging Oracle Identity Management Release 2 to empower its employees to securely use social and mobile environments in an effort to bring efficiency and agility at grocery storefronts.

SUPERVALU is a leading grocery retailer and supply chain operator that has over 2000 retail locations and 2,500 independent franchises, as well as extensive supply chain services that are leveraged by the company, customers and government organizations across the country.

Powered by Oracle Identity Management, SUPERVALU’s advanced social and mobile strategy serves as an excellent example of how companies today are leveraging social and mobile to enable business and improve customer experience. Read the press release and take a look at this brief video we recorded with SUPERVALU’s Phillip Black.

What is your business case for social and/or mobile? Do tell.

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

Search

Archives
« April 2013 »
SunMonTueWedThuFriSat
 
1
4
6
7
8
13
14
20
21
27
28
30
    
       
Today