Wednesday Aug 14, 2013

Identity Management at Oracle OpenWorld 2013

The IDM team is getting ready for OpenWorld 2013 and the speaking schedule is now available.  Take a look at the schedule below.

Monday September 23, 2013

| TIME | TITLE | SPEAKERS | LOCATION |
|---|---|---|---|
| 10:45 am – 11:45 am | CON8808: Oracle Identity Management: Enabling Business Growth in the New Economy | Amit Jasuja, Senior VP, Identity Management and Security, Oracle | Moscone West, Room 2018 |
| 12:15 am – 1:15 pm | CON8833: Access at Scale for 100's of millions of users | Venu Shastri, Senior Principal Product Manager, Oracle; Selvendran Neelamegam, Principal Member Technical Staff, Oracle | Moscone West, Room 2018 |
| 1:45 pm – 2:45 pm | CON8810: Who Should have Access to What -- Better risk management with Identity Governance | Jim Taylor, Senior Director Product Management, Oracle; Neil Gandhi, Principal Product Manager, Oracle | Moscone West, Room 2018 |
| 4:45 pm – 5:45 pm | CON8819: Context and Risk Aware Access Control – Any Device Any Where | Svetlana Kolomeyskaya, Principal Product Manager, Oracle; Ashish Kolli, Senior Director Development, Oracle | Moscone West, Room 2018 |
| 4:45 pm – 5:45 pm | CON4535: 200M: Real World Large Scale Access and Directory Deployment at Verizon | Nahil Khan, Verizon Wireless | Moscone West, Room 2012 |


Tuesday September 24, 2013

| TIME | TITLE | SPEAKERS | LOCATION |
|---|---|---|---|
| 10:15 am – 11:15 am | CON8811: Converged Identity Governance to Speed up Business and Reduce Cost | Sanjay Rallapalli, Senior Manager, Product Management, Oracle; Rajesh Pakkath, Principal Product Manager, Oracle | Moscone West, Room 2018 |
| 11:45 am – 12:45 pm | CON8896: Securely Enabling Mobile Access for Business Transformation | Lee Howarth, Senior Principal Product Manager, Oracle; Ajay Sondhil, Software Development Director, Oracle | Moscone West, Room 2018 |
| 1:15 pm – 2:15 pm | CON8834: Attract new customers and users by leveraging Bring Your Own Identity (BYOI) | Forest Yin, Senior Director of Product Management, Oracle | Moscone West, Room 2018 |
| 5:00 pm – 6:00 pm | CON8817: API Management: Enable Your Infrastructure for Secure Mobile and Cloud Use | Ganesh Kirti, Oracle; Sastry Hari, Architect - Entitlement Server, Oracle | Moscone West, Room 2018 |


Wednesday September 25, 2013

| TIME | TITLE | SPEAKERS | LOCATION |
|---|---|---|---|
| 10:15 am – 11:15 am | CON8829: Partnering for Success with your System Integrator | Scott Bonnell, Senior Director Product Management, Oracle; Darin Pendergraft, Principal Product Marketing Director, Oracle | Moscone West, Room 2018 |
| 11:45 am – 12:45 pm | CON8837: Leverage Authorization to Monetize Content and Media Subscriptions | Roger Wigenstam, Senior Director Product Management, Oracle; Sid Mishra, Senior Principal Product Manager, Oracle | Moscone West, Room 2018 |
| 1:15 pm – 2:15 pm | CON8828: Justifying and Planning a successful Identity Management Upgrade | Javed Beg, Group Product Manager, Oracle; Sanjay Rallapalli, Senior Manager, Product Management, Oracle | Moscone West, Room 2018 |
| 3:30 am – 4:30 pm | CON8813: Securing Privileged Accounts with an integrated identity management solution | Olaf Stullich, Principal Product Manager, Oracle | Moscone West, Room 2018 |
| 5:00 pm – 6:00 pm | CON8823: Access Management for the Internet of Things | Kanishk Mahajan, Principal Product Manager, Oracle; Mark Wilcox, Senior Manager Product Management, Oracle | Moscone West, Room 2018 |


Thursday September 26, 2013

| TIME | TITLE | SPEAKERS | LOCATION |
|---|---|---|---|
| 11:00 am – 12:00 pm | CON8836: Leveraging the Cloud to simplify your Identity Management implementation | Guru Shashikumar, Product Management Director, Oracle; Mike Neuenschwander, Senior Director of Product Management, Oracle | Moscone West, Room 2018 |
| 12:30 pm – 1:30 pm | CON4342: Identity Services in the New GM IT | Andrew Cameron, General Motors | Moscone West, Room 2018 |
| 2:00 pm – 3:00 pm | CON9024: Next Generation Optimized Directory - Oracle Unified Directory | Etienne Remillon, Senior Principal Product Manager, Oracle | Moscone West, Room 2018 |
| 2:00 pm – 3:00 pm | CON8902: Developing Secure Mobile Applications | Mark Wilcox, Senior Manager - Product Management, Oracle; Kanishk Mahajan, Principal Product Manager, Oracle | Marriott Marquis - Golden Gate C3 |
| 3:30 pm – 4:30 pm | CON8826: Zero Capital Investment by leveraging Identity Management as a Service | Mike Neuenschwander, Senior Director of Product Management, Oracle; Lee Howarth, Senior Principal Product Manager, Oracle | Moscone West, Room 2018 |



Integrating Identity Management and GRC: Decreasing Risk Across Your Organization (Deloitte)

In this edition of the Oracle IDM blog, we’ll look at a case study for integrating Oracle Identity Manager (OIM) 11g with Oracle Governance, Risk, and Compliance (GRC) as part of an enterprise deployment and an integrated risk management strategy. We will incorporate specific use cases that leverage an integration of the two solutions to address risk and promote operational efficiency for routine tasks such as access requests and certification. In addition to the primary focus between OIM and GRC, we will also highlight how Oracle E-Business Suite (EBS) roles are defined, synchronized, and provisioned using a combination of these two solutions, providing an end-to-end integrated solution of the Oracle “suite.”

Abstract

When we think about Identity Management, we often relegate it to the IT Security or Infrastructure groups, where it is traditionally used to address manual security and administration functions such as creating accounts (e.g., “hire and fire” scenarios), granting additional entitlements, and providing report-outs on information access for audit purposes. As identity systems have improved their ability to manage the access they provision, it has become clear that there is a powerful relationship between IAM and GRC initiatives that can be used to better manage enterprise compliance in an integrated, less redundant fashion.

In many organizations today, GRC initiatives are often spread across multiple infrastructure silos and managed by different business units or IT groups. Tackling the constantly evolving regulatory requirements, coupled with increased business complexity, may present an uphill battle for a compliance department within the organization. Organizations are being asked not only to understand ever-changing global regulations, but also to create appropriate strategies in addressing their GRC needs.

Knowing who has access to what is important not only in a traditional security sense, but also to financial controls groups, who must be able to attest that financially significant systems carry minimal risk from inappropriate access. By integrating Oracle’s GRC and Identity Management platforms and the associated processes, organizations can improve user lifecycle management, continuous monitoring, and automated controls enforcement to assist with sustainable risk and compliance management.

 
Figure 1 – Solution architecture

Solution Architecture

For a visual reference of the type of integration we are discussing, we have included an overview of how the systems can potentially interact.  In Figure 1, you will notice a typical Human Resource authoritative source system feeds OIM and OIM then provisions to target resources.  What’s different is the call-out to Oracle GRC to perform policy checks.

We won’t reference all of the GRC functionality available in this blog, but will focus on the segregation of duties (SoD) integration and relevant use case (for detailed instructions on this integration, please see: http://docs.oracle.com/cd/E14899_01/doc.9102/e14763/segregation_duties.htm). What’s interesting about this integration is that OIM is able to leverage the information EBS and GRC already have about the roles that exist. Using OIM scheduled tasks, we are able to synchronize those roles into OIM so that there is no need to manually build them in OIM. Moreover, if the roles get end-dated in EBS, OIM reconciliation with EBS will end-date the roles and the related access for the users who have that role assigned, with a goal of end-to-end compliance. Both OIM and GRC offer a web services interface for performing common transactions. More information about this can be found at http://docs.oracle.com/cd/E14507_01/apirefs.1112/e14133/using003.htm

Compliant User Provisioning

In our use case, we will explore how during an access request, a real-time validation can be performed against known SoD conflicts to determine if a role being requested has a conflict.  Through OIM’s Service-Oriented Architecture (SOA) workflow functionality, we can include an additional layer of approval if a conflict is presented.  A conflict is often unavoidable and, in many cases, requires a power user from the compliance organization to step in, review the request, and document a mitigating control before accepting.  In this example, we’ll show a request by a Payables Manager for an Invoice Entry EBS role.
 
As you can see in this process flow, there is cross-functional behavior between the OIM and GRC solutions to identify the SoD violation and apply a mitigating control if required.  Ultimately, OIM manages the provisioning of the role in the end system (EBS in this example) and, therefore, will be able to continually track that entitlement.
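
The request flow described above, modeled as an added example (not part of the original post, and not OIM or GRC code). The rule table, status names, the manager approval that precedes the SoD check, and the function names are assumptions made for illustration; in the integration described, the SoD rules are held in GRC and the approval workflow runs in OIM.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed SoD rule set: role pairs one person must not hold together.
SOD_CONFLICTS = {
    frozenset({"Payables Manager", "Invoice Entry"}):
        "Same person can enter and approve an invoice",
}

@dataclass
class AccessRequest:
    user: str
    current_roles: set
    requested_role: str
    approvals: list = field(default_factory=list)   # e.g. "manager", "compliance"
    mitigating_control: Optional[str] = None        # documented by the compliance reviewer

def find_conflicts(req):
    """Return (held_role, reason) for every rule the requested role would violate."""
    hits = []
    for held in sorted(req.current_roles):
        reason = SOD_CONFLICTS.get(frozenset({held, req.requested_role}))
        if reason:
            hits.append((held, reason))
    return hits

def route(req):
    """Decide the next workflow step; nothing is provisioned until every gate passes."""
    if "manager" not in req.approvals:              # assumed first approval layer
        return "PENDING_MANAGER_APPROVAL"
    if not find_conflicts(req):
        return "PROVISION"
    # A conflict adds a second approval layer owned by compliance.
    if "compliance" not in req.approvals:
        return "PENDING_COMPLIANCE_REVIEW"
    # Fail closed: an approval with no documented control does not release the role.
    if not (req.mitigating_control or "").strip():
        return "BLOCKED_NO_MITIGATING_CONTROL"
    return "PROVISION_WITH_MITIGATION"

if __name__ == "__main__":
    req = AccessRequest("jdoe", {"Payables Manager"}, "Invoice Entry", ["manager"])
    print(find_conflicts(req), route(req))
```
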

There are three takeaways from this use case. With GRC and IAM integration, organizations can:

• Automate provisioning and de-provisioning of business application users, with appropriate authorization and compliance checks.
• Improve the management of enterprise accounts and efficiently produce reports such as “who has access to what.”
• Reduce the cost of compliance by removing the need for after-the-fact remediation.

In Conclusion

At Deloitte, we see the need to not only install and configure an IAM solution, but to work with our clients to get value out of an enterprise compliance approach. Solutions can be leveraged in their individual capacity to achieve benefits for an organization, but when organizations leverage cross-platform synergies, such as the ones that Oracle has intentionally created within their OIM and GRC solutions, the sum can become greater than the parts. An integrated approach to an organization’s IAM and GRC programs can assist in reducing costs and redundancies, and improving value to the organization.

About the Author

Kevin Urbanowicz is a Manager in Deloitte & Touche LLP’s Security & Privacy practice with eight years of experience in information technology with a focus on Identity & Access Management (IAM).  He has served primarily in the Oil & Gas sector where he has helped his clients identify the business drivers and build the business case for establishing world-class IAM solutions that maximize IT efficiency and minimize security and compliance risk. 

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
