A European Perspective on Identity and Access Management
By Greg Jensen on Mar 24, 2014
Guest blogger Marcel Rizcallah is the EMEA Domain Leader for Security at Oracle Consulting.
In the last 10+ years working with identity and access management (IAM) customers, I have had the pleasure to work on different case studies throughout Europe that include specific industry requirements. In doing so, I have assisted customers with the definition of their IAM strategy and implementation roadmap, helping align security policies with business drivers.
have learned that the European market is characterized by a high level of
consolidation with merger and acquisitions in recent years. For example, most
of the Telco organizations have consolidated through acquisitions, and now only
a few giants remain such as BT, Orange, Vodafone, Telefonica and Telenor. The
consequence is difficulty achieving compliance with regulatory laws and
controlling operations costs as it’s challenging to get a single view of their
European employees and centralize access rights across the various applications
and systems, which unfortunately are still based on local and legacy solutions.
As most organizations used to have local and disconnected IAM solutions, they are now starting to rebuild consolidated and brand new IAM infrastructures based on the last versions of Oracle IAM products. Thanks to the underpinning Oracle FMW stack, organizations can now provide the flexibility and scalability required by such huge implementations with 100 000’s of users and even millions of them, if we include their customers.
In the Public sector, governments and the European Union organization are working on citizen’s services integration to provide better user experience and harmonize citizen’s rights between countries, such as social security, unemployment and retirement services. For that, governments are adopting identity federation services based on SAML 2.0. Federation is so strategic for them, that countries such as France were part of the Liberty Alliance foundation and were active in elaborating the federation standard with vendors such as Sun. Today, identity federation is also a key component of online government services, providing better citizen experience with access management single-sign-on and identity mapping when moving across online services such as unemployment or tax declaration.
European institutions such as national banks and borders agencies are providing access to their public agents to shared applications across countries. The complexity of such integration resides in the different approval workflows, which are specific to each country, and need to be processed across more than one organization. They have developed complex and custom workflows in their legacy IAM solutions which are difficult and expensive to maintain. This is where modern IAM platforms, with embedded workflows engines such as Oracle BPEL, can bring a strong added value.
In the finance sector, retail and private banks are looking to control critical application access based on employees’ job position and organization. Most of them have defined role models that need to be integrated with a provisioning solution to update accesses on user join, move or leave. Solutions usually rely on custom role modeling tools and corporate directories with groups associated to each role. Those directories must be designed to be highly available and performant to avoid being a single point of failure.
From those few examples we can see that IAM solutions have to address specific challenges per industry sector. Those challenges will increase with Mobile & Social, Big Data and Cloud computing! I will elaborate on this in a next blog.