Getting IT Right with an End-to-End Access Control - Q&A Follow-Up
By Tanu Sood-Oracle on Aug 11, 2011
Thanks to all who joined us for last week’s webcast, “Getting IT Right with an End-to-End Access Control Strategy”. Identity Management is about User Authentication, Authorization, Administration and Audit (the 4 A’s of Identity Management). But it doesn’t end with task automation. Identity Management needs to be smart (read: intelligent). It needs to ANALYZE the circumstances, understand the CONTEXT and CONTROL or manage the user interaction with the enterprise resources. Marc Boroditsky, Vice President, Oracle Identity Management, did a great job of explaining how end-to-end access control is really about becoming more context-aware, with information backed by advanced analytics to offer more control.
The webcast replay is now available and we hope to continue the conversation we started with this webcast. In the meantime, I have captured the responses to the questions asked during the webcast.
Q. Is Identity Management strategic for Oracle?
A. Very much so. Oracle continues to make significant investments in Identity Management across all organizations including product development, customer and sales support, business development, marketing, and more.
Q. Where can I find the Aberdeen Report that Marc mentioned?
A. You can download the Aberdeen Report citing the findings on Platform vs. Point Solution Approach Study for Identity Management here.
Q. I was at one of the major health insurance providers recently. I was told not to bring a laptop or any other hardware. I was told not to upload or download a file. Access to servers I was supposed to work on took 3+ weeks. Is that a smart way of doing security?
A. No access or limited access as a policy is detrimental to getting business done. And in fact, it may still not be an effective security measure. A smart approach would be to have layered security whereby only the right people have the right level of access to the right resources at the right time. When a user’s role or needs change, that change should also trigger a corresponding change in user access and administration. Moreover, all of this should be auditable. An integrated approach to user authentication, access authorization, administration and audit will accomplish this.
Q. Where can I find product roadmaps for Access and Identity?
A. Technical information for all our Identity Management products is located on Oracle Technology Network. To schedule a roadmap briefing, please contact your account manager.
Q. Is Oracle Identity Management part of the Oracle Database binary code?
A. No. Oracle Identity Management solutions are licensed separately.
Q. What differentiates Oracle Identity Management offering from its GRC Suite offering?
A. While GRC deals with a standards-based platform for enterprise risk management, regulatory compliance, and controls enforcement, Oracle Identity Management solutions allow enterprises to manage the entire user identity life cycle across all enterprise resources and offer identity audit & compliance capabilities.
Q. How does Oracle Identity Management stack support private/public cloud infrastructure?
A. Oracle’s Identity Management stack plays a critical role in making the cloud environment secure for enterprises.
- Identity federation is one area where standards such as SAML are quite mature and are being adopted by cloud providers and applications. Oracle Identity Federation (OIF) offers a full range of standards-based federation between cloud applications and their customers’ applications.
- Oracle Identity Manager (OIM) provides standards-based secure provisioning and self service registration of application users to cloud applications via support for SPML services and BPEL workflow definitions.
- Oracle Enterprise Single Sign-On (ESSO) Suite lets enterprises host ESSO in a private cloud to offer users secure access to heterogeneous enterprise resources from anywhere, anytime.
- Oracle Access Manager (OAM) provides a robust Single Sign On capability that streamlines identity authentication processes across cloud applications.
- Oracle Adaptive Access Manager (OAAM) provides strong authentication, identity verification, and fraud prevention across service provider’s cloud applications.
- Oracle Web Services Manager (OWSM) provides policy-based authentication and authorization infrastructure for securing web services.
We encourage you to download our Cloud Security Resource Kit for additional detail.
Q. With the layered security approach, are you recommending that there be a specific order of implementation i.e. Directory Services, SSO and Provisioning first and then the remaining pieces?
A. The order of implementation and even the scope of implementation are based on the organization’s needs and the specific issues/business challenges you are trying to solve. Please connect with your account manager to discuss your specific needs and chart out the appropriate implementation plan for the best return-on-investment.
Q. Is Oracle Identity Management a new technology?
A. Oracle has been offering proven, best-of-breed Identity Management solutions for quite some time. With continued investment in technology and resources, Oracle’s Identity Management solutions portfolio has grown significantly over the years. For a complete list of Oracle Identity Management offerings and more information, please visit us at www.oracle.com/identity.
Q. Can I use Oracle Identity Management to centrally manage access for multiple external clients?
A. Yes. Oracle Identity Management solutions allow you to centrally manage user authentication, authorization, administration and identity audit across all resources and for all users regardless of whether they are within or outside your organization. A good example of external user facilitation is: Qualcomm Case Study: Supporting User Federation using Oracle Identity Federation.
Q. Can Oracle Identity Management provide the visual graphic metrics of all user activities like the Oracle OEM alert metric?
A. Oracle Identity Analytics provides actionable dashboards, graphs and metrics for user and identity audit at any time. Oracle Adaptive Access Manager provides strong risk-based authentication features like real-time risk alerts based on behavioral profiling and advanced risk analytics.
Q. How do we integrate the new Oracle Identity product with other large apps e.g. Siemens PLM product?
A. Oracle Identity Manager can integrate with Siemens PLM using the application’s API or, if the application supports SPML, by using SPML calls. Oracle Identity Manager’s Identity Connector Framework makes the integration process quite flexible, scalable and efficient. Most market-leading applications and systems are supported out-of-the-box.
Q. How can the tool set transit the identity between the layers, for instance if I have a JBOSS server and a WebLogic server, how can I pass the identity from one to the other so that both can participate in this vision?
A. With Oracle Identity Management, you can externalize identities to a centralized identity platform supported by Oracle Platform Security Services (OPSS). OPSS allows you to abstract security, audit, and identity management functionality from applications so you no longer have to hard-code these in individual applications, thereby reducing time and cost across the application lifecycle. Read more about this revolutionary approach here.
Q. Would I need Oracle Directory Services if I have Oracle Identity Manager in-house?
A. Oracle Directory Services Plus and Oracle Identity Manager are complementary solutions. Oracle Directory Services Plus is the industry’s only integrated solution that offers identity virtualization, storage, proxy and synchronization services for high-performance enterprise and carrier-grade environments. Oracle Identity Manager is an identity administration and user provisioning solution that automates the process of adding, managing, updating and deleting user accounts on enterprise resources, whether on-premise or in the cloud. While these solutions work very well together and solve unique challenges, the implementation of one does NOT require the implementation of the other.
We hope this is just the start of our conversation on this subject. We look forward to hearing your feedback on the approach Marc alluded to during the webcast and how it applies to organizations today.