Adaptive Access in Oracle Identity Management 11gR2
By B Shashikumar on Jul 30, 2012
[Guest Post by Mark Karlstrand]
Mark Karlstrand is a Senior Manager of Product Management at Oracle focused on innovative security for enterprise web and mobile applications. Over the last sixteen years Mark has served as director in a number of tech startups before joining Oracle in 2007. Working with a team of talented architects and engineers, Mark developed Oracle Adaptive Access Manager, a best-of-breed access security solution.
With the latest release of Oracle Identity Management, Oracle is delivering some dramatic context-aware security enhancements as part of its Access Management solution stack. Two market trends are driving these enhancements. First, online threats are constantly evolving, which creates the need for adaptive access security mechanisms. Second, the rapid adoption of mobile computing and the migration of fraud attacks to mobile devices are pushing enterprises, banks and e-commerce providers to demand sophisticated fraud prevention capabilities across both web and mobile channels. Recently Gartner put out a research note which estimates that by year end 2013, 12.5% of all e-commerce transactions will be conducted via mobile devices. The latest release of Oracle Access Management includes significant features within Adaptive Access to strengthen web, cloud and mobile access security.
- Risk-Aware Access Management: Oracle Access Management now provides a seamless experience when users navigate between low-risk and high-risk resources. Higher-risk resources are protected by risk-based adaptive authentication, which is transparent to end users unless their behavior is abnormal. For example, if a user accesses a low-risk application with their web single sign-on password and then attempts to access a high-risk application while on a trip to a country they rarely visit, the user may be asked to enter a one-time password delivered to their cell phone.
- Adaptive Access for Mobile Computing: Adaptive Access capabilities have been integrated with the new Mobile and Social component of Oracle Access Management. This provides advanced security features including device registration and tracking, location awareness, lost/stolen device control and risk-based authentication to secure access via both iOS native applications and mobile browsers. Customers can extend their enterprise web access security to cover mobile use cases while maintaining manageability and centralized control across channels of access.
- Auto Learning for Transactions: We have extended our auto-learning functionality to cover application transaction use cases. Our Adaptive Access solution profiles transactional behaviors and detects anomalies in real time. For instance, an online banking provider can detect transactional anomalies that may occur if a user’s browser is infected with “man-in-the-browser” malware. If, for example, malware alters the destination account in a funds transfer transaction, this could be detected. The solution tracks the frequency of data combinations and determines the risk in real time by taking into account historical behavior.
- Access Monitoring: With Adaptive Access, we also enable healthcare organizations to meet tough compliance requirements related to tight controls on electronic medical record access. HIPAA/HITECH requires providers to take a more proactive posture and our real-time analytics technology is helping them achieve this goal.
- Cloud Service Provider Layered Security: Security concerns are still a top item preventing many businesses from taking advantage of cloud service offerings. Now, cloud service providers can easily provide context-aware layered access security even when users authenticate within their own enterprise environment and access cloud services via federation. For example, if a user authenticates to their corporate SSO and then navigates to the cloud service, risk analysis and identity verification can be applied if the user attempts to access any high-risk service or application in the cloud.
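
The "Auto Learning for Transactions" item above describes tracking how often data combinations occur and scoring a transaction against that history. The following is an added illustration of that idea, not Oracle Adaptive Access Manager code; the class, field names, thresholds and sample transfers are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample history: (user, destination account, amount) of past transfers.
HISTORY = [
    ("alice", "ACCT-1001", 120.0), ("alice", "ACCT-1001", 95.0),
    ("alice", "ACCT-2002", 40.0), ("alice", "ACCT-1001", 130.0),
    ("alice", "ACCT-2002", 55.0), ("alice", "ACCT-1001", 110.0),
]

def amount_bucket(amount):
    """Order-of-magnitude bucket (digit count) so amounts count as categories."""
    return len(str(int(amount)))

class TransactionProfile:
    """Hypothetical per-user profile of how often each field value was seen."""
    def __init__(self, min_history=5, step_up=0.9):
        self.min_history = min_history      # below this, history is too thin
        self.step_up = step_up              # score at which to challenge
        self.combos = defaultdict(Counter)  # user -> Counter[(field, value)]
        self.totals = Counter()             # user -> number of learned transfers

    def learn(self, user, dest, amount):
        self.combos[user][("dest", dest)] += 1
        self.combos[user][("amount", amount_bucket(amount))] += 1
        self.totals[user] += 1

    def risk(self, user, dest, amount):
        """Rarity of the rarest field value in this user's history, in [0, 1]."""
        n = self.totals[user]
        if n < self.min_history:
            return 0.5                      # neutral score until enough history
        seen = self.combos[user]
        return max(1 - seen[("dest", dest)] / n,
                   1 - seen[("amount", amount_bucket(amount))] / n)

    def evaluate(self, user, dest, amount):
        score = self.risk(user, dest, amount)
        if score >= self.step_up:
            # Do not learn from an unverified anomaly, or an altered
            # destination would become "normal" after a few attempts.
            return "challenge", score
        self.learn(user, dest, amount)
        return "allow", score

def build_profile():
    profile = TransactionProfile()
    for user, dest, amount in HISTORY:
        profile.learn(user, dest, amount)
    return profile

if __name__ == "__main__":
    p = build_profile()
    print(p.evaluate("alice", "ACCT-1001", 100.0))  # familiar payee
    print(p.evaluate("alice", "ACCT-9999", 100.0))  # destination never seen
```

A transfer to a destination the user has never paid scores 1.0 and is challenged without being added to the profile, which is the altered-destination case the item describes.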