Wednesday Feb 22, 2012

Immersion in Identity Talks Tomorrow (Feb 23)

If Identity Management is top of mind for you then we have a healthy dose of Identity talks lined up for you tomorrow (Thursday, February 23).

IOUG Webcast: Analyzing Identity as a Platform Approach

Thursday, February 23, 12p EST/11a CST/9a PST

Join Michael Neuenschwander, a well known name in the industry and Senior Director, Oracle Identity Management, on an IOUG webcast to discuss Identity as a Platform approach. Hear first-hand Mike's take on the Platform approach, the rationale behind the same and the results from a study conducted on the subject.

Register to catch the webcast live tomorrow.

And then, right after the IOUG webcast, we have got a live webcast lined up for the Higher Ed industry. 

Live Webcast: Managing Identities and Roles in Higher Education

Thursday, February 23,  1p EST/12p CST/10a PST

At Oracle, we understand that higher education’s environment can be one of the most complex and dynamic environments for managing identities. There are many individuals coming and leaving each semester. Many individuals have more than one responsibility at the same time (Professor, Student, Researcher, Employee etc). These factors present a unique challenge in how to accurately determine what a users role should be so that least privilege security can be obtained and in doing so, regulatory compliance and security requirements can be fulfilled. An intelligent identity analytics solution is the answer.

Join the webcast tomorrow and you'll learn how Oracle Identity Analytics is already playing a crucial role in helping higher ed organizations achieve their security and compliance objectives. Learn the key capabilities required of an identity analytics solution that can help you scale your compliance across your entire IT infrastructure (on premise or in the cloud) in a cost effective manner. This webcast will feature Neil Gandhi, Principal Product Manager at Oracle.

Register today for the live webcast.

Friday Dec 02, 2011

Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics – Q&A Follow-Up

Thanks to all who attended the live webcast event hosted by Healthcare IT News. Hope you find the discussion and the presentations useful; we look forward to a continued conversation.

Compliance in healthcare has always been an active discussion in the identity management industry and here at Oracle too. So, we were very pleased when Jason W. Zellmer, Director, Strategy and Information Management at Kaiser Permanente Information Security agreed to be on a live panel discussion with us to share his experiences and insights with his peers. Especially after having had a similar role in a financial services organization in the past, his commentary on how acute identity management and compliance needs are in a healthcare organization like Kaiser Permanente was particularly insightful. The live event also allowed us to bring in experts from Kaiser’s identity management implementation partner, PricewaterhouseCoopers as well as Oracle’s own solution expert to provide a 360-degrees perspective on healthcare compliance solution design and implementation for healthcare organizations.

The on-demand webcast replay is now available and so are the slides for download. And, since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Could you brief about the OOTB component in ERP for managing SOD checks and how this is effective in the context of integrating with OIM and OIA?

A. Oracle Identity Manager (OIM) and Oracle Identity Analytics (OIA) work seamlessly with OOTB ERP SOD engines like Oracle Applications Access Control Governor (OAACG) to enable both preventative SOD (and IT policy monitoring) checks during the user provisioning process as well as detective and remedial SOD actions.

Q. How are Oracle IDM products flexible with the changing compliance requirements if any?

A. As compliance regulations continue to evolve, standards-based, open Oracle Identity Management solutions allow you to easily configure your workflows in accordance with the changing requirements. And since Oracle Identity Management solutions allow you to externalize security from applications and provide a centralized security platform, organizations can easily adapt to the changing regulatory and compliance landscape without having to rip and replace existing solutions.

Q. Where did you get the 48% IAM cost reduction and 80% productivity boost from?

A. Recently Aberdeen Research conducted a survey comparing cost savings from Platform vs. Point solutions in identity Management and found that organizations choosing products from an integrated stack can save up to 48% long term and achieve better automation and lower administrative costs. Please refer to the Aberdeen paper available for download. The 80% user productivity boost was determined based on the benchmark study conducted for the latest release of Oracle Identity Analytics 11g. Please refer to the recent announcement of availability of enhanced Oracle Identity Analytics.

Q. You referred to an ROI study on Identity Analytics and a model for computing compliance cost savings. Where can I find more information?

A. Forrester Consulting recently conducted a study where they interviewed 4 organizations that had deployed Oracle Identity Analytics to understand the various use cases, cost implications and the results from their respective implementations. Based on these actual studies, Forrester then built an ROI model and calculated aggregated savings for a typical organization. We recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Tuesday Nov 15, 2011

Limiting Audit Exposure and Managing Risk – Q&A and Follow-Up Conversation

Thanks to all who attended the live ISACA webcast on Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics. We were really fortunate to have Don Sparks from ISACA moderate the webcast featuring Stuart Lincoln, Vice President, IT P&L Client Services, BNP Paribas, North America and Neil Gandhi, Principal Product Manager, Oracle Identity Analytics. Stuart’s insights given the team’s role in providing IT for P&L Client Services and his tremendous experience in identity management and establishing sustainable compliance programs were true value-add at yesterday’s webcast.

And if you are a healthcare organization looking to solve your compliance and security challenges, we recommend you join us for a live webcast on Tuesday, November 29 at 10 am PT. The webcast will feature experts from Kaiser Permanente, PricewaterhouseCoopers and Oracle and the focus of the discussion will be around the compliance challenges a healthcare organization faces and best practices for tackling those. Here are the details:

Healthcare IT News Webcast: Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics

Tuesday, November 29, 2011
10:00 a.m. PT / 1:00 p.m. ET

Register Today

The ISACA webcast replay is now available on-demand and the slides are also available for download. Since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Can you please clarify the mechanism utilized to populate the Identity Warehouse from each individual application's access management function / files?

A. Oracle Identity Analytics (OIA) supports direct imports from applications. Data collection is based on Extract, Transform and Load (ETL) that eliminates the need to write connectors to different applications. Oracle Identity Analytics’ import engine supports complex entitlement feeds saved as either text files or XML. The imports can be scheduled on a periodic basis or triggered as needed. If the applications are synchronized with a user provisioning solution like Oracle Identity Manager, Oracle Identity Analytics has a seamless integration to pull in data from Oracle Identity Manager.

Q.  Can you provide a short summary of the new features in your latest release of Oracle Identity Analytics?

A. Oracle recently announced availability of enhanced Oracle Identity Analytics. This release focused on easing the certification process by offering risk analytics driven certification, advanced certification screens, business centric views and significant improvement in performance including 3X faster data imports, 3X faster certification campaign generation and advanced auto-certification features, that  will allow organizations to improve user productivity by up to 80%. Closed-loop risk feedback and IT policy monitoring with Oracle Identity Manager, a leading user provisioning solution, allows for more accurate certification reviews. And, OIA's improved performance enables customers to scale compliance initiatives supporting millions of user entitlements across thousands of applications, whether on premise or in the cloud, without compromising speed or integrity.

Q. Will ISACA grant a CPE credit for attending this ISACA-sponsored webinar today?

A. From ISACA: Hello and thank you for your interest in the 2011 ISACA Webinar Program!  Unfortunately, there are no CPEs offered for this program, archived or live.  We will be looking into the feasibility of offering them in the future. 

Q. Would you be able to use this to help manage licenses for software? That is to say - could it track software that is not used by a user, thus eliminating the software license?

A. OIA’s integration with Oracle Identity Manager, a leading user provisioning solution, allows organizations to detect ghost accounts or unused accounts via account reconciliation. Based on company’s policies, this could trigger an automated workflow for account deletion or asking for further investigation. Closed-loop feedback between the two solutions would then allow visibility into the complete audit trail of when the account was detected, the action taken, by whom, when and the current status.

Q. We have quarterly attestations and .xls mechanisms are not working. Once the identity data is correlated in Identity Analytics, do you then automate access certification?

A. OIA’s identity warehouse analyzes and correlates identity data across various resources that allows OIA to determine a user’s risk profile, who the access review request should go to, along with all the relevant access details of the user. The access certification manager gets notification on what to review, when and the relevant data is presented in a business friendly screen. Based on the result of the access certification process, actions are triggered and results recorded and archived. Access review managers have visual risk indicators that also allow them to prioritize access certification tasks and efforts.

Q. How does Oracle Identity Analytics work with Cloud Security?

A. For enterprises looking to build their own cloud(s), Oracle offers a set of security services that cloud developers can leverage including Oracle Identity Analytics.  For enterprises looking to manage their compliance requirements but without hosting those in-house and instead having a hosting provider offer managed Identity Management services to the organizations, Oracle Identity Analytics can be leveraged much the same way as you’d in an on-premise (within the enterprise) environment. In fact, organizations today are leveraging Oracle Identity Analytics to manage identity compliance in both these ways.

Q. Would you recommend this as a cost effective solution for a smaller organization with @ 2,500 users?

A. The key return-on-investment (ROI) on Oracle Identity Analytics is derived from automating compliance processes thereby eliminating administrative overhead, minimizing errors, maintaining cost- and time-effective sustainable compliance processes and minimizing audit exposures and penalties.  Of course, there are other tangible benefits that are derived from an Oracle Identity Analytics implementation as outlined in the webcast. For a quantitative analysis of your requirements and potential ROI calculation, we recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Thursday Oct 27, 2011

Limting Audit Exposure and Managing Risk: A BNP Paribas, North America Success Story

Audits are not something we look forward to typically. Because audits mean we have to prepare for the exercise in addition to doing our daily jobs. Compliance mandates and company policies, however, have made access certification audits a necessary job function. In a large enterprise, that would mean, reviewing access for thousands of users across hundreds of applications in a dynamic environment i.e., where users change jobs, locations, move to and from projects, join or leave the company. The traditional spreadsheet model clearly can't work here. And even if you are somehow able to enforce access policies, how do you prove to your auditors the same? And hence, Audit Eye! If you haven't seen the video, you should check it out now.

 

BNP Paribas, North America took the access certification challenge head-on and triumphed. Are you looking at solving your complex access certification (attestation) challenges? Looking to make the the access certification process simpler, quicker and more reliable? Then, we invite you to come listen to Stuart Lincoln's presentation on a live ISACA webcast on how BNP Paribas, North America implemented well thought-out strategy and solution to make access certification review processes sustainable, convenient and streamlined and audits - a lot less painful. We look forward to a good conversation.

Live ISACA Webcast: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics
Thursday, November 10, 2011
9 a.m. PDT / 12 p.m. EDT
Register Here

Tuesday Aug 09, 2011

Securing Your Electronic Health Records

Thanks to all those who joined our webcast on securing electronic health information records. According to the survey by healthcare IT News many organizations are depending on the EHR vendors to take care of the security requirements; however, a more systematic approach has to be taken in order to meet the compliance and "meaningful" use requirements .  Mark Ford from Deloitte did a great job of setting the context around the legislation and the changing requirements. Thanks for all of the great questions on the webcast and I want to take the time to make sure we capture the answers. I will post a replay. Mike mentioned the Aberdeen report comparing the platform vs the point solution this may provide some benefit as you think about your road map.

  • Question: Looking at certification review with regard to clinician access - we have lots of cases where clinicians have excessive access - what else can I do with regard to a layered ?
  • Answer: So there are two things that we would recommend - many of the excessive access issues can be prevented in the first place by provisioning ( See Oracle Identity Manager) users based on a pre-defined job role. This model works well and can speed up the audit. The second thing that organizations are doing is complimenting certification review with detective monitoring provided by Oracle Security Governor . To streamline the certification review portion - Oracle Identity Analytics has some easy to use reporting that can make this less cumbersome.
  • Question: We have primary care physicians scheduling appointments through our web interface from different parts of the state - can your solution help us manage their user passwords.
  • Answer: Yes - if you are using a web interface then we could enable self service password management for your connecting physicians. You can provide this capability with Oracle Access Manager - also consider the ability for your connecting physicians to connect directly to your external portal with Federation capabilities 
  • Question: Is there a role life-cycle management capability in the Oracle stack. How would I get started in that process
  • Answer: Yes Oracle Identity Analytics provides this - you can download it from our site
  • Question: SSO is well understood by all, but what about signing off? Multiple apps running over one SSO, how do you manage the signing off of individual apps?
  • Answer: This a great question - there are many circumstances where this is required - so with Oracle ESSO there is an ability for sign of where ESSO cleans up the cache so that someone else can use the terminal - we find this case in healthcare a lot.
  • Question: We are a hospital with lots of VIP celebrity patients - how can we secure access to specific the specific vip patient data .
  • Answer: We get asked this a lot - feel free to reach out to us and we can setup a conversation with a couple of our customers who are solving the same problem. Basically, there are a number of ways to solve this. At a detective level our security governor can detect when the incidence has occurred we can also use the Oracle Entitlements Server to guard the data directly at the application level. Would be happy to schedule a demo.
  • Question: What if we have an existing HR system like Peoplesoft can we use that to drive the access provisioning of our clinicians.
  • Answer: Yes if you have Peoplesoft or any other HR system - we can connect and drive provisioning from this source. There are is a white paper on this on our website.
  • Question: Given that there are lots of offerings in the product stack - where should we get started - can we start with any product in the stack
  • Answer: Because we have integrated the stack - customers can start from any point depending on the need. One paper that might be helpful is the recent Aberdeen report that talks about the tremendous cost saving of going with the platform approach.

Hope these answers provide you what you need. If you have follow up questions you can post them as comments below and we will answer them. Thanks again for joining us and we look forward to chatting again soon.



Thursday Aug 04, 2011

Getting IT Right with an End-to-End Access Control Strategy

In our last post, we talked about how new technologies and trends are driving the demand for identity management solutions. The question is: Are Identity Management solutions of today rising up to those challenges? While some of the time-tested Identity Management solutions are achieving maturity, the industry itself continues to evolve. No longer is Identity Management only about IT administration. The higher calling for Identity Management is (or should be) Business Enablement.

Oracle is hosting a live webcast today to discuss the evolving security and business (and user!) requirements and how that's changing the Identity Management solution and strategy set. Oracle's Vice President of Identity Management, Marc Boroditsky, will discuss how the conversation around Identity Management has completely changed over the last couple of years. Using data points and industry numbers, Marc will discuss how we need to re-think the concept of what an "end-to-end access control" solution should look like.

Please join in on the conversation because the webcast today is a discussion of recent findings and proof points not a lecture or a prescription on the topic. We look forward to an animated Q&A round with you today.

Here are the details:

Live Webcast: Getting IT Right with an End-End Access Control Strategy

Thursday, August 4th (today) at 10 am PDT/1 pm EDT

Register Now

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
3
4
5
6
7
8
11
12
13
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today