Monday Nov 25, 2013

Congratulations to Putnam Investments for winning the 2013 Oracle Excellence Award for Identity Management

This year, Putnam Investments won one of two Fusion Middleware Innovation Awards from a field of 31 organizations worldwide.

Pictured left to right: Aaron Perry, President of APTEC LLC, Marc Boroditsky Vice President of Product Mangement IDM, and John Xu Putnam Investments

Putnam Investments won the 2013 OEA award for their project that migrated 80 core applications from Sun Access Manager to Oracle Access Manager in a year’s time, and replaced a competitive Identity Management solution with Oracle Identity Manager to automate access requests and approval workflows.

They are the recipients of this year’s excellence award for their comprehensive vision of how identity management is transforming their business through a converged security infrastructure.

Congratulations to ANZ Banking Group for winning the 2013 Oracle Excellence Award for Identity Management

This year ANZ Banking Group won one of two coveted Oracle Excellence awards for Fusion Middleware Innovation in the Identity Management category.  ANZ and Putnam were chosen from a field of 31 entries submitted by organizations worldwide.

Pictured left to right: Paul Beresford, ANZ Banking Group, Marc Boroditsky, Vice President Product Mangement, IDM, Richard Watson, IDM Sales Director, ANZ

ANZ Banking Group won the 2013 OEA award for their project to migrate their award winning mobile banking application from a competitive product to the Oracle IDM Platform, which provides device registration, authentication, authorization and application SSO.

By leveraging the Oracle IDM Platform, ANZ is able to provide a consistent customer experience regardless of how customers access the system (Mobile, Web, ATM, etc.)  Their innovative design resulted in extremely high levels of code reuse and 60% reduction of interfaces needed internally.

Webcast: Oracle Mobile Strategy Update - Simplifying Enterprise Mobility (Register now)

[Read More]

Sunday Nov 24, 2013

Securing The Citizen Experience

Governments have often been the slowest to adopt new technologies - not any more. This video from the UK government's digital services strategy shares a vision for citizen services that will inspire. This phenomenon is not isolated to the United Kingdom. Across the world citizens are paying more in taxes and demanding better services. All of this is changing the way governments are thinking about security. The new experience is cross channel: mobile, social and online. If we are lucky we may never have to go back to the department of motor vehicles again.

The Pressure to transform:

Monday Nov 18, 2013

The Technology Stack of Mobile Device Enablement - Simieo Solutions

Mobile computing has proven to be a game changer, revolutionizing the way we work, communicate and connect. Arguably, this revolution can trace its roots back to the ‘Personal Computer’, which freed individuals and organizations from the centralized mainframe operating model and we haven’t looked back since then. But what’s remarkable about mobile computing is the unprecedented pace of change and innovation it has brought about. Mobile devices are penetrating and transforming businesses today far faster than any previous generations of computing technologies ,including laptops and desktops.

Current landscape
Today, "going mobile" means a lot more than just modifying the content to fit a browser on a small screen size. Infrastructures can no longer afford to limit remote or mobile access to browser-based functionality. Users need access to more applications and data, from a wider variety of mobile and wireless devices.
Mobile device capabilities have reached new heights, which in turn has spurred demand for rich mobile applications that require access to private enterprise data in order to deliver functionality. These applications have become indispensable tools for end users. They are being inextricably woven into day-to-day business operations in an effort to improve productivity. In spite of the complexity, these devices are becoming a critical component of the computing environment because of their versatility.

Enter BYOD
Perhaps the single biggest driver of the mobile revolution has been the widespread adoption of “Bring Your Own Device” or “BYOD.” BYOD is the policy of permitting – or even encouraging – employees to bring personally owned mobile devices (laptops, tablets and smart phones) to their workplace, and to use those devices to access privileged company information and applications. Seemingly overnight, BYOD has supplanted the traditional policy of permitting only “corporate-liable” or “CL” devices, those that are owned and issued by the company.

The Benefits of BYOD
BYOD fosters business process efficiency by allowing employees to complete their tasks at any time and from anywhere – whether they are sales representatives, technical analysts in the field, customer-facing employees, manufacturing reps and the like. Every one of these employees needs access to data, which can enable them to make the right decisions, answer queries, come up with proposals, close deals and execute other vital tasks.
The benefits of BYOD include:

Improved workplace flexibility and productivity with secure "anytime, anywhere" access for employees. It promotes employee satisfaction. It also increases effective employee work hours in small increments per week, which in turn translates to a greater throughput from the workforce.

Increased sales revenues from quick, reliable access to business-generating applications on employee-owned devices.

  • Competitive appeal for market leadership and recruiting. Adopting innovative technology solutions such as mobility is valued by organizations for maintaining competitive positioning in their respective marketplaces. 
  • Reduced costs for acquiring, distributing and replacing corporate-liable (CL) devices.
  • Reduce complexity and costs from internally maintaining the mobility infrastructure.
  • Decreased help desk support with a reduction in the number of inbound calls for CL devices.
  • This is definitely not an exhaustive list, but it covers the common factors fueling BYOD adoption.

Imminent Challenges and Risks
It's not too difficult to lose a smart phone or tablet, resulting in confidential data being exposed to non trusted entities. Thus, accessing and storing corporate data on private devices presents unique security challenges to the enterprise.The IT security team and the CIO office are now dealing with questions such as:

Do our enterprise applications qualify as “secure” and “cloud ready”?

  • How do we manage security of the enterprise applications in a scenario where a plethora of mobile devices connect to them for accessing sensitive data?
  • How can my company enable social trust as a means of connecting to customers and employees?
  • What about securing the digital and intellectual property which has been exposed as a result of the BYOD scheme?
  • Some of the inevitable challenges for organizations adopting BYOD include:
  • Handling the deluge of BYOD demand (tablets, smart phones, smart watches and more)
  • Adapting to costs and risk that are no longer "per user" but rather "per device"
  • Avoiding the risk of revolt when applying corporate lock-downs and restrictions on devices owned by the employee
  • Addressing the increased threats associated with mobile
  • Obtaining increased budget to address the risk of mobile
  • Configuration management to reduce vulnerability exposure
  • Adopting configuration management to reduce vulnerability exposure
  • Managing what apps are allowed
  • Determining how to track and manage a personal device the same way as a CL device without violating personal privacy
  • Using mobile as an "enabling" component to the business instead of a roadblock

There are four primary areas that are putting consumers and enterprises at risk on mobile platforms:

  • Access based attacks – Privileged users who have access to more data than they should, or are using legitimate access to steal confidential data, and share or use it in ways that negatively affect the organization.
  • Device Loss – The loss of a corporate or personal device that contains confidential data on the device, or within secondary memory, due to loss or theft of the device.
  • Rogue malicious apps – Applications that have been compromised by attackers and posted on various app stores that contain hidden payloads that steal data, initiate connections, commit outbound toll-fraud or are used as a launching point for attacks inside a trusted corporate network.
  • SMS Attacks – Unwanted inbound SMS messages from attackers that trick users to take actions that can lead to installation of code or to increased carrier based charges.

Identity and Access Management to the Rescue
Luckily, corporations facing these risks and challenges don’t have to go it alone. The field of Identity and Access Management (IAM) has evolved just as rapidly with solutions designed to address key aspects of BYOD adoption:

  • Mobile Device Management (MDM)
  • Mobile Identity Management (MIM)
  • Mobile Application Management (MAM)

IAM solution providers, including our company, Simeio Solutions, have seen tremendous growth in these areas, with new tools, technologies, methodologies and best practices designed to help organizations adopt BYOD securely and effectively.

The need of the hour is seamless and secure digital connectivity for cloud and mobile integration in order for BYOD to prosper.
Here is where a product like Oracle Mobile and Social Access Management comes into the picture. Oracle Mobile and Social Access Management is a solution which enables an organization to secure mobile access to their enterprise applications. It includes a server which acts as a “secure wall” between external mobile client applications and the enterprise applications and data stores (which the mobile applications eventually access) by leveraging the existing back end identity infra services in order to regulate the interaction between both entities.

Oracle Mobile and Social Access Management Offerings

The Oracle Mobile and Social Access Management solution includes features in each of the following key areas: MDM, MIM and MAM.

Mobile Device Management

  • Device Enrollment – Oracle Mobile and Social Service components enforce device registration as a prerequisite to granting access to sensitive enterprise applications/data. A “Client Registration Handle” is used to process first-time device registration post user authentication via the Mobile and Social server.
  • Device Fingerprinting – Mobile and Social Access Server leverages the service from Oracle Adaptive Access Manager (OAAM) in order to deliver functionality such as Device Fingerprinting. OAAM provides capabilities such as One Time Password (OTP) and Knowledge Based Authentication (KBA) based on policies and risk assessments.
  • Device Blacklisting – Oracle Mobile and Social Access Services address the inherent risk of smart phone thefts. It provides capabilities to blacklist/block insecure devices and/or wipe out sensitive security information on the device as per threat levels.

Mobile Identity Management

  • Mobile User Authentication – Oracle Mobile and Social Services facilitate delegation of mobile user authentication to existing and trusted components such as Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM for strong authentication)
  • Mobile User Authorization – Oracle Entitlements Server (OES), a fine grained authorization server, is leveraged to provide authorization services for mobile users based on its policy driven decision engine in order to enforce appropriate access for mobile users to backend enterprise applications.
  • Social Identity support – Oracle Mobile and Social Services facilitates the usage of social internet identities such as Facebook, Twitter, Google, LinkedIn, etc., for signing on users to less sensitive applications. Many of these providers are based on open standards such as OpenID and OAuth, and this in turn can be leveraged to provide rich user experiences.

Leveraging Social Identities

Mobile Application Management

  • Mobile Apps Single Sign-On (SSO) – A mobile user can run many mobile applications on the same device without having to authenticate to each application individually. The out-of-the-box software development kit (SDK) shipped as a part of Oracle Mobile and Social can be used to build and configure Mobile SSO agents which can be used as a centralized point from where authentication and SSO can be managed.
  • SSO functionality is also available to web based applications in addition to inter-application SSO.
  • Application Registration – In order to strengthen mobile application security, Oracle Mobile and Social services ensure application registration before allowing access to sensitive data housed within enterprise applications.

Oracle Mobile and Social Access: The Big Picture

Mobile computing is here to stay. Along with its many luxuries, its penetration has introduced new complexities and challenges to organizations. They cannot afford to fall back on user awareness and user agreements to provide security. The question is no longer about allowing or denying mobile access. The question for today is about effective management.
This post is just the first in a 4-part blog series. In our next post, we’ll have in-depth coverage of Mobile Device Management (MDM).

About the Author
Abhishek Gupta is a Senior IAM Engineer at Simeio Solutions. He has over 5 years of experience in the IAM space and has been involved in design, development and implementation of IAM solutions for Simeio's customers with a prime focus on Oracle IAM Suite.

Friday Nov 08, 2013

Webinar: Effective Planning for Oracle Identity Management 11gR2?

 Is your organization just starting your planning for Identity Management 11gR2?  Are you unsure what the technical and business value gains are, in upgrading to Oracle's 11gR2?  Or are you planning for the upgrade and just unsure of what to expect?

In this webinar, experts from Oracle and AmerIndia will discuss the new features of 11gR2, latest market trends, and how IAM transforms organizations. In addition, planning and implementation strategy of the upgrade process will be discussed. The presenters will also share success stories and highlight challenges faced by organizations belonging to different verticals and how Oracle’s solutions and AmerIndia’s services addressed those challenges.

Topics include:

  • Market trends and 11gR2
  • Planning an upgrade
  • Approach and Implementation Strategy
  • Success stories

Registration is now open for this Webinar for December 5th from 2pm - 3pm EST.


Sunday Nov 03, 2013

Patients are Running out of Patience

Healthcare is in a dramatic state of change globally and the change is being driven by patients. Patients are no longer content to wait in line, endure appointment delays and stay on hold waiting for a health insurance representative. Instead, patients are demanding on-line access to physicians, joining communities with fellow patients, scheduling appointments online and resolving claims issues over email. 

To accomodate the demand for patient connectivity, providers are innovating to find new ways to collaborate with patients. To address the demand, providers are providing 24/7 access online and pioneering ways to deliver care via mobile devices -  for example using your iPhone as a heart monitor. Patient vitals can be collected before the patient even walks into the clinic. 

These new approaches promise to enhance the patient experience and reduce the cost of care. Time is money both for the patient and the provider. For insurance companies, all of this is  welcome news because it reduces un-necessary time with the physician which reduces the number of claims.  Oracle is focused on enabling and securing the experience. The video below shares the Oracle healthcare transformation story.


Friday Nov 01, 2013

The Importance of a Security Assessment - by Michael Terra, Oracle

Today's Blog was written by Michael Terra, who was the Subject Matter Expert for the recently announced Oracle Online Security Assessment.

You can take the Online Assessment here: Take the Online Assessment

Over the past decade, IT Security has become a recognized and respected Business discipline.  Several factors have contributed to IT Security becoming a core business and organizational enabler including, but not limited to, increased external threats and increased regulatory pressure. Security is also viewed as a key enabler for strategic corporate activities such as mergers and acquisitions.

Now, the challenge for senior security professionals is to develop an ongoing dialogue within their organizations about the importance of information security and how it can impact their organization's strategic objectives/mission.

The importance of conducting regular “Security Assessments” across the IT and physical infrastructure has become increasingly important. Security standards and frameworks, such as the international standard ISO 27001, are increasingly being adopted by organizations and their business partners as proof of their security posture and “Security Assessments” are a great way to ensure a continued alignment to these frameworks.

Oracle offers a number of different security assessment covering a broad range of technologies. Some of these are short engagements conducted for free with our strategic customers and partners. Others are longer term paid engagements delivered by Oracle Consulting Services or one of our partners. The goal of a security assessment, (also known as a security audit or security review), is to ensure that necessary security controls are integrated into the design and implementation of a project, application or technology.  A properly completed security assessment should provide documentation outlining any security gaps that exist in an infrastructure and the associated risks for those gaps. With that knowledge, an organization can choose to either mitigate, transfer, avoid or accept the risk.

One example of an Oracle offering is a Security Readiness Assessment:

The Oracle Security Readiness Assessment is a practical security architecture review focused on aligning an organization’s enterprise security architecture to their business principals and strategic objectives. The service will establish a multi-phase security architecture roadmap focused on supporting new and existing business initiatives.

Offering Overview

The Security Readiness Assessment will:

  • Define an organization’s current security posture and provide a roadmap to a desired future state architecture by mapping  security solutions to business goals
  • Incorporate commonly accepted security architecture concepts to streamline an organization’s security vision from strategy to implementation
  • Define the people, process and technology implications of the desired future state architecture
  • The objective is to deliver cohesive, best practice security architectures spanning multiple domains that are unique and specific to the context of your organization.

Offering Details

The Oracle Security Readiness Assessment is a multi-stage process with a dedicated Oracle Security team supporting your organization.  During the course of this free engagement, the team will focus on the following:

  • Review your current business operating model and supporting IT security structures and processes
  • Partner with your organization to establish a future state security architecture leveraging Oracle’s reference architectures, capability maps, and best practices
  • Provide guidance and recommendations on governance practices for the rollout and adoption of your future state security architecture
  • Create an initial business case for the adoption of the future state security architecture

If you are interested in finding out more, ask your Sales Consultant or Account Manager for details.


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.


« November 2013 »