Wednesday Jul 31, 2013

Oracle Waveset to Oracle Identity Manager: A Case Study in Higher Education (Deloitte)

Deloitte is excited about the opportunity to introduce the first blog in a series of four blogs that will look at real world case studies involving Oracle Identity and Access Management (IAM). Our future blogs will expand on relevant IAM topics including: 1) Oracle Waveset to Oracle Identity Manager, 2) Oracle IAM in Telematics, 3) Oracle IAM with Governance Risk and Compliance, and 4) Oracle Identity & Access Governance with Database Security. Throughout this blog series, readers are encouraged to submit questions or comments which will feed into a roundtable type Q&A blog responding to selected comments and questions received.

In this edition of the Oracle IAM blog, we’ll look at a case study for migration from Oracle Waveset to Oracle Identity Manager for a higher education statewide system of community colleges, state universities and technical colleges. This also highlights how the flexibility of Oracle’s IAM product landscape contributed to creating a dynamic and sustainable solution for a public-facing system with nearly 500,000 users.

Current State Evaluation and Replication

The legacy Oracle Waveset instance connected to numerous institutional directories and provided end-user functionalities such as user self-service, account activation and password management as well as administrative help-desk functions with a highly customized interface and set of workflows.

As we analyzed these functions, we identified that a majority of these were available within Oracle Identity Manager (OIM) 11g R2 which simplified their replication. Further, the User Interface (UI) enhancements in OIM 11g R2 allowed for significant customization to the end-user pages, such as the ‘My Information’ page, with minimal custom code.  Initial replication of the core functionalities was crucial to the overall project and allowed for the replacement of Waveset as an end-user facing solution on Day 1 of the OIM go-live. However, this did not cover the numerous resource integrations that Waveset had behind the scenes that would also need to be migrated. Several functionalities such as account activation and password reset/forgot password that required specific workflows and service integration were replicated in separate Oracle ADF-based applications that were split away from the OIM managed servers. This allowed for the highly used end-user functions to run separate of the OIM instances to provide for increased flexibility in load management and tuning.

Resource Migration Approach

As the numerous resources requiring migration would take significant time and effort, it was decided that these resources would be moved over in a phased manner requiring both OIM and Waveset to operate in parallel for a period of time. This approach reduced risk, as a single cutover would have been highly complex with multiple moving parts across colleges and campuses. To enable this to be possible, OIM and Waveset would need to operate together as we migrated each campus from the old Waveset platform to the new OIM platform. To help accomplish this, a custom connector between OIM and Waveset was built to synchronize certain user attributes so that Waveset could update and maintain those attributes on the resources that remained to be managed by it.

Overall, this approach turned out to be highly beneficial as it allowed the team time to ease into using the new identity solution, reduced the risks that would have been present in a single “big bang” cutover event and allowed for a quick win which displays critical progress and success to solution stakeholders. 

Figure A – Oracle Waveset to Oracle Identity Manager resource migration approach

Additional Important Success Factors

Throughout the migration, we encountered a number of items that were deemed critical for meeting project goals that primarily focused on the following:

User Experience

As the solution’s primary users were public individuals that would likely not have significant training or usage guidance, focusing on a refined and calculated user experience such as clear verbiage, font sizing and coloring as well as succinct and detailed error messages was important. While these items may seem minor or insignificant to some readers, they, as expected, ended up being extremely beneficial to end-users and reduced support needs.

Performance and Tuning

With our highly active user-base, performance of the solution was critical to success. Use of the existing Oracle Fusion Middleware Performance and Tuning Guide as well as the OIM 11g R2 Reconciliation Tuning Whitepaper were critical for maintaining performance and ongoing stability of a solution with this size. Also important were key architectural decisions around load balancing, managed server clustering, as well as database clustering (e.g. RAC). Providing enough horsepower behind the solution and conducting due diligence around performance testing will reduce the amount of performance-related issues encountered in production.

In Conclusion

The phased migration of Oracle Waveset to Oracle Identity Manager 11g R2 allowed for a quick win in the initial cutover of end-user functions, a lower risk migration path and well as constant stream of “good news” as various campuses were migrated from the old solution to the new one in a phased manner. A focus on user experience and performance tuning also helped to create an effective environment for end-user interaction and contributed to achieving the goals of the initiative. Finally, the new OIM architecture will provide a solid infrastructure for future enhancements and a greatly increased user base that the prior Waveset environment could no longer support.

About the Author

Derek Dahlen is a Manager in Deloitte & Touche LLP’s Security & Privacy practice with over eight years of experience in information security. He specializes in managing, designing and architecting large-scale identity and access management projects with a focus on the Oracle product stack. He has worked with various clients across the financial services and state government sectors.

Tuesday May 28, 2013

See How Qualcomm Enforces Compliance with Oracle Identity Management

Qualcomm discusses the benefits of closed loop compliance remediation and other key features of Oracle’s latest Identity Management release, that enable them to meet business objectives, manage user access attestations, and enforce compliance.

Join us in watching this short video to understand how Oracle is enabling Qualcomm to meet and exceed their compliance goals with Oracle Identity Management. Click HERE to watch the video


Tuesday Feb 26, 2013

Let's Talk Security at HIMSS 13: UPMC, University of Louisville Are In!

In my last post on HIMSS, I talked about the various activities that Oracle is participating in or hosting at HIMSS 13. This post will focus on all things Security at HIMSS 13.

As you know, the annual HIMSS Conference this year takes place in New Orleans from March 4 – 7 (next week!) and if Security is of interest to you, you should take note of the following events. Oracle has teamed up Security experts at well known healthcare organizations including UPMC and University of Louisville to build an agenda geared towards security/IT professionals.

Security Breakfast
Tuesday, March 5, 2013, 7:00 a.m. – 8:00 a.m.
Hotel St. Marie, New Orleans

Enabling the Sharing of Medical Records Through Identity ManagementHealthcare Organizations Share Their Perspectives

Patients, doctors and  clinicians all need rapid access to ePHI whether it is delivered through a patient portal, a clinical application a mobile device or all of the above.  The fluid access and movement of data in a secure, monitored and protected environment is the goal and challenge of all Healthcare IT departments.  

Join the Oracle Security Breakfast to learn from UPMC, the University of Louisville and Oracle security professionals how enterprise identity, access and data security solutions can enable your facility to provide secure delivery of ePHI in all modalities within the context of meeting federal regulations, patient confidentiality and at the speed of efficient patient care.

Register Now: Send an email with your name, title, phone number, company name, and email address to or call +1 781-565-1708 to reserve a seat at this exclusive, invitation-only event. Event registration is free, compliments of Oracle.*

Learn how: 
• University of Louisville quickly and securely provides healthcare knowledge workers with near real-time clinical data and easy-to-understand-and-access metrics that they can use to engage patients in a meaningful way.

• UPMC rapidly provisions users into multiple clinical and administrative systems across multiple facilities within hours of a new employee joining the organization;  enforcing enterprise security, reducing risk and delving cost-effective compliance management.

• Oracle Mobile and Social Access technology can instantly provide social log in capabilities to existing patient and customer facing web services and provide enterprise class access management protection for mobile apps developed on iOS or Android platforms.

• Group Managers, Administrators and Team leads can easily confirm appropriate employee access to applications and systems with ePHI; quickly and efficiently improving compliance, securing sensitive data and reducing costs.

In addition, we have created more opportunities for you to engage with security professionals in your peer organizations and connect with Oracle executives and security experts in exclusive settings. To make it convenient, we are hosting encore sessions on different dates and times. Registration is free for the following sessions, compliments of Oracle.

Security Sessions

Monday, March 4, 2013

  • 3:00 p.m. – 4:00 p.m. : Enabling Rapid, Secure Access to Epic
  • 4:00 p.m. – 5:00 p.m. : Addressing the Final HIPAA OMNIBUS Rule’s Data Security Requirements

Tuesday, March 5, 2013

  • 10:00 a.m. – 11:00 a.m. : Enabling Rapid, Secure Access to Epic
  • 1:00 p.m. – 2:00 p.m. : How UPMC is Delivering Identity Management Services for Healthcare in the Cloud
  • 3:00 p.m. – 4:00 p.m. : Implementing Identity Management Services for Cerner
  • 4:00 p.m. – 5:00 p.m. : Addressing the Final HIPAA OMNIBUS Rule’s Data Security Requirements

Wednesday, March 6, 2013

  • 9:00 a.m. – 10:00 a.m. : Addressing the Final HIPAA OMNIBUS Rule’s Data Security Requirements
  • 11:00 a.m. – 12 noon: How UPMC is Delivering Identity Management Services for Healthcare in the Cloud
  • 3:00 p.m. – 4:00 p.m. : Implementing Identity Management Services for Cerner

If you would like to schedule meetings with our security experts in advance, simply send us a comment with your discussion topic and 3 preferred time slots and we will get back to you with a confirmation. Look forward to hearing from you at HIMSS 13.

Oh, and while on the topic of HIPAA compliance, be sure to tune into the webcast with Trizetto this Thursday (Feb 28 at 10 am PST/ 1 pm EST) as they discuss the roadmap to achieving HIPAA Compliance!

Webcast: Trizetto Achieves HIPAA Compliance with Identity Management
Thurs., February 28, 2013
10 a.m. PT / 1 p.m. ET
Register Here
Join Q&A live via twitter using #IDMTalk

* We are pleased to provide attendance at this event at no cost to government personnel when appropriate under applicable laws and agency policies. Oracle is committed to high standards of ethical conduct and does not intend to offer an inappropriate gift or create even the appearance of impropriety.

By attending this event and accepting any gifts which may be offered, the attendee certifies that he/she is able to do so in compliance with applicable laws and the internal rules of his/her organization. Oracle reserves the right to limit attendance accordingly and pursuant to Oracle policy.

The items available without charge at this event are valued at Breakfast $25 per person. We are pleased to accept payment for any portion of this event to facilitate compliance with applicable gift and ethics requirements.  Please contact Ben Robinson at with any questions or concerns about this disclosure.

Wednesday Jan 09, 2013

Telenet uses Oracle Identity Management

The Company:

Founded in 1996, Telenet began as a European broadband services pioneer. Today, the company is a market leader in Belgium for residential high-speed internet, telephony, and digital television services. It serves 1.24 million digital television subscribers, 1.22 million internet customers, and 815,000 fixed telephony accounts. Telenet Solutions, the company’s business market division, offers a complete communications solutions portfolio for organizations and corporations, holding a commanding lead in the Belgian/Luxembourg business market.

Business Challenges:

  • Existing legacy identity management system required custom coding and was hard to maintain
  • Need to automate user provisioning for a dynamic workforce
  • Need to automate immediate revocation of user accounts on job changes to improve security
  • Wanted to accelerate the internal approval process for user access to business application
  • Build transparency and gain complete insight into who has access to what and when


Telenet implemented Oracle Identity Management to centralize identity management and security operations. Leveraging Oracle Identity Manager and Oracle Identity Analytics (part of Oracle Identity Governance Suite), Telenet managed to automate user account administration, streamline user access control, optimize license management and offer insight into who had access to what business applications.

For more information on Telenet’s implementation, check out the case study and the following video.

Thursday Nov 08, 2012

Identity R2 - Experts Podcast Series

To follow up on the Identity Management R2 launch, a series of podcasts were recorded with subject matter experts from customer organizations, our partners and Oracle’s PM team to discuss key trends, R2 capabilities, implementation best practices and more. Below is a roll-up of the podcast series that is available on Fusion Middleware radio.

R2 Podcasts:


·         Designing the Next-Generation Identity Platform
Vadim Lander, Oracle
Highlights: Common architecture model, integration, interoperability and the driving factors behind R2 innovation
IT Departments are shifting their Identity Management strategy to be able to support mobile, cloud and social applications. Oracle has anticipated this shift and has built a product roadmap to take advantage of this focus. Join Vadim as he discusses the design strategy behind the latest 11gR2 release and talks about how IDM services have to evolve to meet this new challenge.


·         BETA Customer Perspective on R2
Ravi Meduri, Kaiser Permanente
Highlights: R2 scalability and high availability
In this podcast Ravi discusses the new features in 11gR2 that he is most interested in, including High Availability options for Access Management, multi-datacenter architecture, and what it was like working with the Oracle product team during the BETA program.


·         Partner Perspective on R2
Rex Thexton, PricewaterhouseCoopers
Highlights: Usability Enhancements for Users and Administrators
A lot of new usability features went into the 11gR2 release making this the most business friendly IDM release to date. In this podcast Rex Thexton, Managing Director from PwC, talks about some of the new UI changes for both end users and administrators, and also about the new connector creation framework.


Access Request Updates in R2
Marc Boroditsky, Oracle
Highlights: Access request User Interface innovations
A lot of changes have been made to the Access Request user interface in the latest version of Oracle Identity Manager 11gR2. A real focus has been put on making the request process more business user friendly, and a lot of new customization capability has been added for the IT administrators. Hear Marc discuss the updated UI, and explain how administrators will be able to customize OIM to meet their company's requirements


·         Oracle Optimized System for Oracle Unified Directory (OOS4OUD)
Nick Kloski, Oracle
Highlights: New Optimized System configuration for Unified Directory
One of the new features in 11gR2 is the availability of an Optimized System configuration for Oracle Unified Directory. Oracle engineers installed the OUD software onto off the shelf hardware and then created a performance tuned configuration. Join us as we talk to Nick Kloski, Infrastructure Solutions Manager, all about the testing process and the resulting performance metrics.


Privileged Account Management
Mark Wilcox, Oracle
Highlights: Oracle Privileged Account Manager key capabilities, use cases
The new release of Oracle Identity Management 11g R2 includes the capability to manage privileged accounts. Privileged accounts, if compromised, create a risk for fraud in the enterprise and as a result controlling access to privileged accounts is critical. Hear what Mark Wilcox, Principal Product Manager of Oracle Privileged Account Manager has to say about the capabilities of the offering in this podcast.


·         Browser-based User Interface (UI) Customization
Clayton Donley, Oracle
Highlights: Benefits of Durable UI Configuration framework
Business users need user interfaces that are not only friendly but also easily customizable. However the downside of any customization project is the cost and complexity involved in developing, testing, deploying and managing custom code. In this podcast, we examine how a new capability in Oracle Identity Management around browser based UI customization can reduce costs and complexity of customization while simplifying self service integration with corporate portal strategies.


·         Simplifying Mobile and Social Sign-On
Dan Killmer, Oracle
Highlights: Secure mobile sign-on and consumption of social identities with Oracle Access Management
The proliferation of mobile devices has spurred a new trend where employees tend to bring their own mobile devices to work and access corporate applications the same way they would access from a desktop or laptop. In this podcast, we examine how Oracle's latest innovation in Identity Management around Mobile and Social Sign On can simplify security and access management challenges posed by the widespread adoption of mobile devices in the enterprise.

·         Enabling Your Business with IDM R2
Scott Bonnell, Oracle
Highlights: Self service, mobile access, personalization
Gone are the days when Identity Management was just about stopping unauthorized users in their tracks. Identity Management if done right, can also enable your business. Join Scott Bonnell as he discusses how the IDM 11gR2 release enables the enterprise by providing self service, personalization and mobile access to corporate resources.

Wednesday Oct 10, 2012

Brazil Identity Customer Forum a Huge Success

As we continue to execute on the global Identity Management 11gR2 launch event series, if the success of the Brazil event is any indication, the London event coming up on October 24th will be a blowout! These events provide a unique opportunity to hear directly from and network with existing (and successful) Oracle Identity Manaagement customers, as well as connect directly with product & technology experts. The Identity Forum agenda includes presentation from product experts on the latest release of Oracle Identity Management, followed by live product demonstration and local customer presentations or panel discussions with both customers and implementation partners.

The very successful launch event in Brazil concluded yesterday. Here are some pictures from the event.

Want to be part of the identity Customer Forum? Then do connect with your local Oracle representative or let us know via this blog or @oracleidm. We hope to see you soon at an event near you.


Friday Oct 05, 2012

Most Innovative IDM Projects: Awards at OpenWorld

On Tuesday at Oracle OpenWorld 2012, Oracle recognized the winners of Innovation Awards 2012 at a ceremony presided over by Hasan Rizvi, Executive Vice President at Oracle.

Oracle Fusion Middleware Innovation Awards recognize customers for achieving significant business value through innovative uses of Oracle Fusion Middleware offerings. Winners are selected based on the uniqueness of their business case, business benefits, level of impact relative to the size of the organization, complexity and magnitude of implementation, and the originality of architecture.

This year’s Award honors customers for their cutting-edge solutions driving business innovation and IT modernization using Oracle Fusion Middleware. The program has grown over the past 6 years, receiving a record number of nominations from customers around the globe. The winners were selected by a panel of judges that ranked each nomination across multiple different scoring categories.

Congratulations to both Avea and ETS for winning this year’s Innovation Award for Identity Management.

Identity Management Innovation Award 2012 Winner – Avea

Company: Founded in 2004, AveA is the sole GSM 1800 mobile operator of Turkey and has reached a nationwide customer base of 12.8 million as of the end of 2011

Region: Turkey (EMEA)

Products: Oracle Identity Manager, Oracle Identity Analytics, Oracle Access Management Suite

Business Drivers:

·         To manage the agility and scale required for GSM Operations and enable call center efficiency by enabling agents to change their identity profiles (accounts and entitlements) rapidly based on call load.

·         Enhance user productivity and call center efficiency with self service password resets

·         Enforce compliance and audit reporting

·         Seamless identity management between AveA and parent company Turk Telecom

Innovation and Results:

·         One of the first Sun2Oracle identity management migrations designed for high performance provisioning and trusted reconciliation built with connectors developed on the ICF architecture that provides custom user interfaces for  dynamic and rapid management of roles and entitlements along with entitlement level attestation using closed loop remediation between Oracle Identity Manager and Oracle Identity Analytics.

·         Dramatic reduction in identity administration and call center password reset tasks leading to 20% reduction in administration costs and 95% reduction in password related calls.

·         Enhanced user productivity by up to 25% to date

·         Enforced enterprise security and reduced risk

·         Cost-effective compliance management

·         Looking to seamlessly integrate with parent and sister companies’ infrastructure securely.

Identity Management Innovation Award 2012 Winner – Education Testing Service (ETS)

      Company: ETS is a private nonprofit organization devoted to educational measurement and research, primarily through testing.

Region: U.S.A (North America)

Products: Oracle Access Manager, Oracle Identity Federation, Oracle Identity Manager

Business Drivers: ETS develops and administers more than 50 million achievement and admissions tests each year in more than 180 countries, at more than 9,000 locations worldwide.  As the business becomes more globally based, having a robust solution to security and user management issues becomes paramount. The organizations was looking for:

·         Simplified user experience for over 3000 company users and more than 6 million dynamic student and staff population

·         Infrastructure and administration cost reduction

·         Managing security risk by controlling 3rd party access to ETS systems

·         Enforce compliance and manage audit reporting

·         Automate on-boarding and decommissioning of user account to improve security, reduce administration costs and enhance user productivity

·         Improve user experience with simplified sign-on and user self service

Innovation and Results:

1.    Manage Risk

·         Centralized system to control user access

·         Provided secure way of accessing service providers' application using federated SSO.

·         Provides reporting capability for auditing, governance and compliance.

2.    Improve efficiency

·         Real-Time provisioning to target systems

·         Centralized provisioning system for user management and access controls.

·         Enabling user self services.

3.    Reduce cost

·         Re-using common shared services for provisioning, SSO, Access by application reducing development cost and time.

·         Reducing infrastructure and maintenance cost by decommissioning legacy/redundant IDM services.

·         Reducing time and effort to implement security functionality in business applications (“onboard” instead of new development).

ETS was able to fold in new and evolving requirement in addition to the initial stated goals realizing quick ROI and successfully meeting business objectives.

Congratulations to the winners once again. We will be sure to bring you more from these Innovation Award winners over the next few months.

Tuesday Oct 02, 2012

News from OpenWorld: Oracle Announces Identity Governance Suite


At OpenWorld, Oracle today announced the release of Oracle Identity Governance Suite. An end-to-end access governance solution, Oracle Identity Governance Suite addresses compliance, governance and identity administration requirements.

Built on Oracle’s unique platform approach to Identity Management, the suite offers a single, comprehensive platform for access request, provisioning, role lifecycle management, access certification, closed loop remediation and privileged account management. The suite offers benefits like dramatic reduction in administration (and help desk) overhead, cost-effective compliance enforcement and reporting, enhanced user experience and analytics driven insight.

More details available in the announcement and on our website.

Additional Resources:

·         Oracle Identity Governance Datasheet

·         Oracle Privileged Account Manager

·         Integrated Identity Governance Whitepaper

·         Gartner Magic Quadrant for User Provisioning

·         Join the Oracle Identity Management online communities: Blog, Facebook and Twitter

Thursday Apr 26, 2012

What is more important when handling patient health records: Security, Compliance or Privacy?

Healthcare organizations are being put under increasing pressure to protect patient health information and to protect the privacy of their VIP or celebrity patients.

Join Sid Mishra, Oracle Product Manager as he reviews recent changes to the requirements for Security and Identity Management driven by updates to the HIPAA and HITECH regulations as well as breaches of patient confidentiality that ended up on the evening news.  Sid demonstrates how Oracle Security Govenor provides historic and real-time detection and prevention of unauthorized access, to protect patient information across multiple IT systems and data sources.



Tuesday Mar 13, 2012

Identity Management at COLLABORATE 12


Getting ready for COLLABORATE 2012? If Security and Identity Management are top of mind for you, then we have some recommendations for you.

Bringing together Oracle Applications and Technology education, COLLABORATE 2012 is a forum designed and delivered by Oracle users. Produced by the three independent user groups, Independent Oracle Users Group (IOUG), Oracle Applications Users Group (OAUG) and Quest International Users Group (Quest), COLLABORATE offers keynotes, deep-dives, workshops and user-driven sessions spanning technology, application and cross solutions. This year the conference is from April 22- 26 at Mandalay Bay Convention Center in Las Vegas.
Oracle Identity Management solutions enable organizations to secure critical data and applications, efficiently enforce regulatory compliance and reduce operational costs. In addition to our conference sessions, as an added value this year, we are offering a half-day deep dive session on Oracle Identity Management: Building a Security and Compliance Framework for Oracle Systems. The session is scheduled for Sunday, April 22nd from 9 am to 3 pm and will cover relevant topics such as:
• A Primer on Identity Management
• Security and Compliance with Oracle Identity Management
• Security for Oracle Applications, Fusion Applications
• Managing Identities in The Cloud and Mobile World
• Best Practices: Building an Identity Roadmap and Getting Started

To get a head start on your compliance and security program, pre-register for this session today.

The Identity Management sessions are supported by subject matter experts on technology, consulting and implementation so you are sure to get the complete perspective on what it takes to design and implement a successful program to meet your security and compliance objectives.

To find out more about Identity Management at COLLABORATE 12, here’s our recommended roadmap:
1. If you haven’t done so, do browse through COLLABORATE 12 website and register with the user group for information and events most tailored to your needs.
2. Click on “My Show Planner” and enter “Identity Management” in the keyword search box.
3. Pre-register for the sessions by clicking on “Add to Planner”


Look forward to seeing you at COLLABORATE 12 in Las Vegas next month.

Tuesday Mar 06, 2012

Cisco's Platform Approach to Identity Management

As Security Architect for Enterprise Identity and Access Management Service in Cisco Systems, Inc., Ranjan Jain knows a few things about how to get Identity Management right. After all, he has spent over 12 years in the Security industry in various roles from administrator to technical lead to domain expert and security architect.  

On March 14th, join industry veteran, Michael Neuenschwander as he hosts a live, online interview with Ranjan to discuss the drivers, challenges and merits of the Platform approach to Identity Management. Using Cisco's own implementation as the backdrop, Ranjan and Michael will discuss the roadmap to a successful Identity Platform implementation. We are hoping that Ranjan would also elaborate on his belief that "password is the necessary evil and enterprises should be proactive in reducing their password footprint".

Join us for this live, complimentary webcast:

Live: Cisco's Platform Approach to Identity Management

Wednesday, March 14, 2012

10 am Pacific/ 1 pm Eastern

Register Now

Thursday Jan 12, 2012

Security Newsletter January Edition is Out Now

Security Inside Out Newsletter

The January edition of the very popular Security Inside Out Newsletter is now out. This edition puts the spotlight on Security in Healthcare. Whether it is patient privacy or complying with federal and industry regulations like HIPAA, Sarbanes Oxley (SOX), HITECH and more, security issues are top of mind for most healthcare organizations. Oracle's Security Inside Out approach offers comprehensive protection for your data, identity and applications. Check out the top feature in the newsletter to hear how some of your peer organizations are meeting their security, compliance and patient care goals with Oracle Security and Identity Management solutions.

If you attended our recent Enterprise Single Sign-On (ESSO) webcast, you already know that companies on average realize over 140% in return-on-investment (ROI) with the ESSO implementation. Organizations have been able to slash over 80% of password related calls to their helpdesk saving a tremendous amount in helpdesk overhead and improving user productivity. Get your hands on the ESSO Buyers Guide and don't miss this feature article in the newsletter that discusses recent customer success stories.

This edition is also your one-stop shop for getting your hands on the latest materials including a recently issued IDC Report on Data Security, Oracle whitepaper comparing Oracle and Novell Identity Management solutions, SANS product review report on Oracle Database Vault and more. Keep up to date on the latest Oracle Security news, upcoming events, webcasts and more by subscribing to the newsletter now.

Happy reading!

Tuesday Jan 10, 2012

Customers Talk: 5 Identity Platform Webcasts You Can’t Miss

2011 saw talk of Identity Management emerging from under the shadows of IT to serve the needs of the business. We predict 2012 will see a lot of attention paid to how Identity Management is enabling the business, transforming the way IT is leveraged to meet business objectives.

A common theme among their stories is that Identity Management is not a point solution. Identity Management is a platform of complimentary solutions with a rationalized architecture that can be adopted separately but provide strong interoperability to reduce total cost of ownership. A recent study by Abderdeen noted that organizations who have taken a platform approach can save up to 48%.

Oracle is proud to launch a series of webcasts where we’ll explore the diverse challenges that organizations are facing, and you can hear real customers speak to their specific business objectives and how they leveraged the Identity as a Platform approach to tackle those. In this 5-webcast series, you will hear first-hand from your peers at SaskTel, Agilent, Cisco, ING and Toyota, and learn how leading organizations are rethinking Identity Management as a business versus an IT initiative. You will find that the challenge each of these customers was looking to solve was quite different from each other, yet there is a commonality in their approach to the solution.

To register for one or more of these webcasts and to know more, click here.

Build a Secure Cloud with Oracle Identity Management

Wednesday, January 25, 2012 10:00 AM PST

Presenters: Brian Baird, Chief Technology Officer Identity Management Center of Excellence, SaskTel and Marc Chanliau, Director Product Management, Oracle

Best Practices, Getting Started with an Identity Platform

Wednesday, February 15, 2012 10:00 AM PST

Presenters: Balganesh Krishnamurthy, Agilent and Naresh Persaud, Director, Product Marketing, Oracle

Cisco's Platform Approach to Identity Management

Wednesday, March 14, 2012 10:00 AM PDT

Presenters: Ranjan Jain, Domain Architect for Enterprise Identity, Cisco and Michael Neuenschwander, Sr. Director, Product Management, Oracle

Scaling Role Management and Access Certification to Thousands of Applications

Wednesday, April 11, 2012 10:00 AM PDT                                                                           

Presenters: Mark Robison, Enterprise Architect, ING and Neil Gandhi, Principal Product Manager, Oracle

Putting Customers First: Identity Platform as a Business Enabler

Wednesday, May 30, 2012 10:00 AM PDT

Presenters: Mike Colbus, National Technology Delivery Manager, Toyota and Marc Boroditsky, Vice President Product Management, Oracle

Register today and discover how Identity as a Platform can transform the way you do business.

Friday Dec 02, 2011

Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics – Q&A Follow-Up

Thanks to all who attended the live webcast event hosted by Healthcare IT News. Hope you find the discussion and the presentations useful; we look forward to a continued conversation.

Compliance in healthcare has always been an active discussion in the identity management industry and here at Oracle too. So, we were very pleased when Jason W. Zellmer, Director, Strategy and Information Management at Kaiser Permanente Information Security agreed to be on a live panel discussion with us to share his experiences and insights with his peers. Especially after having had a similar role in a financial services organization in the past, his commentary on how acute identity management and compliance needs are in a healthcare organization like Kaiser Permanente was particularly insightful. The live event also allowed us to bring in experts from Kaiser’s identity management implementation partner, PricewaterhouseCoopers as well as Oracle’s own solution expert to provide a 360-degrees perspective on healthcare compliance solution design and implementation for healthcare organizations.

The on-demand webcast replay is now available and so are the slides for download. And, since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Could you brief about the OOTB component in ERP for managing SOD checks and how this is effective in the context of integrating with OIM and OIA?

A. Oracle Identity Manager (OIM) and Oracle Identity Analytics (OIA) work seamlessly with OOTB ERP SOD engines like Oracle Applications Access Control Governor (OAACG) to enable both preventative SOD (and IT policy monitoring) checks during the user provisioning process as well as detective and remedial SOD actions.

Q. How are Oracle IDM products flexible with the changing compliance requirements if any?

A. As compliance regulations continue to evolve, standards-based, open Oracle Identity Management solutions allow you to easily configure your workflows in accordance with the changing requirements. And since Oracle Identity Management solutions allow you to externalize security from applications and provide a centralized security platform, organizations can easily adapt to the changing regulatory and compliance landscape without having to rip and replace existing solutions.

Q. Where did you get the 48% IAM cost reduction and 80% productivity boost from?

A. Recently Aberdeen Research conducted a survey comparing cost savings from Platform vs. Point solutions in identity Management and found that organizations choosing products from an integrated stack can save up to 48% long term and achieve better automation and lower administrative costs. Please refer to the Aberdeen paper available for download. The 80% user productivity boost was determined based on the benchmark study conducted for the latest release of Oracle Identity Analytics 11g. Please refer to the recent announcement of availability of enhanced Oracle Identity Analytics.

Q. You referred to an ROI study on Identity Analytics and a model for computing compliance cost savings. Where can I find more information?

A. Forrester Consulting recently conducted a study where they interviewed 4 organizations that had deployed Oracle Identity Analytics to understand the various use cases, cost implications and the results from their respective implementations. Based on these actual studies, Forrester then built an ROI model and calculated aggregated savings for a typical organization. We recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Tuesday Nov 15, 2011

Limiting Audit Exposure and Managing Risk – Q&A and Follow-Up Conversation

Thanks to all who attended the live ISACA webcast on Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics. We were really fortunate to have Don Sparks from ISACA moderate the webcast featuring Stuart Lincoln, Vice President, IT P&L Client Services, BNP Paribas, North America and Neil Gandhi, Principal Product Manager, Oracle Identity Analytics. Stuart’s insights given the team’s role in providing IT for P&L Client Services and his tremendous experience in identity management and establishing sustainable compliance programs were true value-add at yesterday’s webcast.

And if you are a healthcare organization looking to solve your compliance and security challenges, we recommend you join us for a live webcast on Tuesday, November 29 at 10 am PT. The webcast will feature experts from Kaiser Permanente, PricewaterhouseCoopers and Oracle and the focus of the discussion will be around the compliance challenges a healthcare organization faces and best practices for tackling those. Here are the details:

Healthcare IT News Webcast: Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics

Tuesday, November 29, 2011
10:00 a.m. PT / 1:00 p.m. ET

Register Today

The ISACA webcast replay is now available on-demand and the slides are also available for download. Since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Can you please clarify the mechanism utilized to populate the Identity Warehouse from each individual application's access management function / files?

A. Oracle Identity Analytics (OIA) supports direct imports from applications. Data collection is based on Extract, Transform and Load (ETL) that eliminates the need to write connectors to different applications. Oracle Identity Analytics’ import engine supports complex entitlement feeds saved as either text files or XML. The imports can be scheduled on a periodic basis or triggered as needed. If the applications are synchronized with a user provisioning solution like Oracle Identity Manager, Oracle Identity Analytics has a seamless integration to pull in data from Oracle Identity Manager.

Q.  Can you provide a short summary of the new features in your latest release of Oracle Identity Analytics?

A. Oracle recently announced availability of enhanced Oracle Identity Analytics. This release focused on easing the certification process by offering risk analytics driven certification, advanced certification screens, business centric views and significant improvement in performance including 3X faster data imports, 3X faster certification campaign generation and advanced auto-certification features, that  will allow organizations to improve user productivity by up to 80%. Closed-loop risk feedback and IT policy monitoring with Oracle Identity Manager, a leading user provisioning solution, allows for more accurate certification reviews. And, OIA's improved performance enables customers to scale compliance initiatives supporting millions of user entitlements across thousands of applications, whether on premise or in the cloud, without compromising speed or integrity.

Q. Will ISACA grant a CPE credit for attending this ISACA-sponsored webinar today?

A. From ISACA: Hello and thank you for your interest in the 2011 ISACA Webinar Program!  Unfortunately, there are no CPEs offered for this program, archived or live.  We will be looking into the feasibility of offering them in the future. 

Q. Would you be able to use this to help manage licenses for software? That is to say - could it track software that is not used by a user, thus eliminating the software license?

A. OIA’s integration with Oracle Identity Manager, a leading user provisioning solution, allows organizations to detect ghost accounts or unused accounts via account reconciliation. Based on company’s policies, this could trigger an automated workflow for account deletion or asking for further investigation. Closed-loop feedback between the two solutions would then allow visibility into the complete audit trail of when the account was detected, the action taken, by whom, when and the current status.

Q. We have quarterly attestations and .xls mechanisms are not working. Once the identity data is correlated in Identity Analytics, do you then automate access certification?

A. OIA’s identity warehouse analyzes and correlates identity data across various resources that allows OIA to determine a user’s risk profile, who the access review request should go to, along with all the relevant access details of the user. The access certification manager gets notification on what to review, when and the relevant data is presented in a business friendly screen. Based on the result of the access certification process, actions are triggered and results recorded and archived. Access review managers have visual risk indicators that also allow them to prioritize access certification tasks and efforts.

Q. How does Oracle Identity Analytics work with Cloud Security?

A. For enterprises looking to build their own cloud(s), Oracle offers a set of security services that cloud developers can leverage including Oracle Identity Analytics.  For enterprises looking to manage their compliance requirements but without hosting those in-house and instead having a hosting provider offer managed Identity Management services to the organizations, Oracle Identity Analytics can be leveraged much the same way as you’d in an on-premise (within the enterprise) environment. In fact, organizations today are leveraging Oracle Identity Analytics to manage identity compliance in both these ways.

Q. Would you recommend this as a cost effective solution for a smaller organization with @ 2,500 users?

A. The key return-on-investment (ROI) on Oracle Identity Analytics is derived from automating compliance processes thereby eliminating administrative overhead, minimizing errors, maintaining cost- and time-effective sustainable compliance processes and minimizing audit exposures and penalties.  Of course, there are other tangible benefits that are derived from an Oracle Identity Analytics implementation as outlined in the webcast. For a quantitative analysis of your requirements and potential ROI calculation, we recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Thursday Nov 03, 2011

2011 Innovation Award Winners - Identity Management

The winners of 2011 Innovation Awards were announced last month during Oracle OpenWorld. The Award recognizes customers for achieving significant business value through innovative uses of Oracle Fusion Middleware.  For Identity Management, that meant deriving and proving exceptional business value, delivering architecture innovation, solving unique challenges and driving industry leadership. With over 20 nominations this year, the panelists had a difficult task ahead of them. One thing was certain though, the winners would be great examples of excepetional use of cutting-edge Identity Management solutions.

This year's winners demonstrated new ways of leveraging cloud and social environments to enhance customer interaction and service levels as well as building business intelligence from IT data to empower business and support management decisions. We congratulate the winners of 2011 Innovation Awards for Identity Management:

ING North America Insurance

Looking to streamline the access certification processes for in-time compliance and manage the complexity of user identity administration, ING North America Insurance implemented Oracle Identity Analytics and Oracle Identity Manager. A combination of detailed planning, close collaboration with Oracle and its implementation partner, and the use of advanced industry solutions allowed ING to achieve its compliance and governance goals. In addition, with business friendly reports and actionable insight, ING's implementation empowered business and offered greater transparency. The team was also able to clearly define, measure and present success metrics to the business.

College Board

With over 50 identity stores and multiple point solutions including some custom technologies, the organization found integrating applications and extending the identity management platform to be complex, time-consuming, costly and unscalable. The approach also left security gaps. To tackle these inefficiencies and unnecessary overhead, College Board started with the implementation of Oracle Identity and Access Management Suite Plus. Not only was the organization looking to seamlessly replace the old, non-standard custom system with a centralized, integrated, standards-based platform, College Board was also looking to leverage social media with the enterprise environment. The innovative integration with Oracle Identity Manager and Oracle Identity Federation allows the organization to reach millions of potential users via social media and offer advanced services to the users using federated login. The use of Oracle Access Manager and Oracle Directory Services enable secure authentication services for College Board's users.


A subsidiary of Turk Telecom, TTNET serves over 6.5 million subscribers across Turkey, providing high technology broadband and other value-added services (VAS). TTNET's VAS are different web applications (each with their own authentication server and user repositories) and technologies coming from 10 different partners. Providing a seamless experience to the customer, thus, became a challenge. Lack of a common authentication platform also left security gaps. With the implementation of Oracle Identity and Access Management Suite Plus, TTNET launched its "Tek Sifre" (One Password) project VAS, providing its subscriber base unified single sign-on with secure and standard authentication and user administration in the background. Now, the customers can use secure single sign-on while the company leverages a standards based user access management and identity adminsitration platform for identity management and compliance, SLA reporting.


Here is a great example of cloud-based Identity-as-a-Service implementation. The company wanted to enforce and streamline user access compliance and automate user provisioning but without having the burden to maintain the infrastructure in-house. So, leveraging Oracle Identity Manager and Oracle Identity Analytics technologies via Simeio Solution's DirectAXS offering, the company was able to achieve its compliance, security and user productivity goals. The implementation benefits included streamlined and automated user provisioning, complete with audit trails and efficient access certification with complete view of user privileges and advanced detection and remediation of ghost accounts.

For information on the winners of the Fusion Middleware Awards for 2011, visit:

Thursday Oct 27, 2011

Limting Audit Exposure and Managing Risk: A BNP Paribas, North America Success Story

Audits are not something we look forward to typically. Because audits mean we have to prepare for the exercise in addition to doing our daily jobs. Compliance mandates and company policies, however, have made access certification audits a necessary job function. In a large enterprise, that would mean, reviewing access for thousands of users across hundreds of applications in a dynamic environment i.e., where users change jobs, locations, move to and from projects, join or leave the company. The traditional spreadsheet model clearly can't work here. And even if you are somehow able to enforce access policies, how do you prove to your auditors the same? And hence, Audit Eye! If you haven't seen the video, you should check it out now.


BNP Paribas, North America took the access certification challenge head-on and triumphed. Are you looking at solving your complex access certification (attestation) challenges? Looking to make the the access certification process simpler, quicker and more reliable? Then, we invite you to come listen to Stuart Lincoln's presentation on a live ISACA webcast on how BNP Paribas, North America implemented well thought-out strategy and solution to make access certification review processes sustainable, convenient and streamlined and audits - a lot less painful. We look forward to a good conversation.

Live ISACA Webcast: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics
Thursday, November 10, 2011
9 a.m. PDT / 12 p.m. EDT
Register Here

Monday Oct 10, 2011

Identity Management Seminar - Coming to a City Near You

Safeguarding a business has never been more challenging. The number of security breaches has increased significantly around the world. In addition, regulatory requirements have become more demanding. Businesses are under growing pressure to not only enforce granular access privileges and monitor access certifications, but also to demonstrate that their controls can detect and prevent security policy violations, which can be an expensive and time-consuming task.

At Oracle, our industry leading Identity Management solutions offer a unique approach called "Entitlement-Driven" Identity Management.  Just like an atom is the fundamental element of all matter, we believe that entitlements are the fundamental elements of security. Since entitlements are at the core of all security requirements, enterprises should really think about enforcing security on the basis of entitlements rather than just relying on user identities.  An entitlement-driven approach to identity management ensures that security policies can be consistently applied, quickly deployed, and easily managed to help reduce risk, reduce costs, provide transparency, and satisfy compliance mandates.

Want to learn all about identity management and the benefits of an entitlement-based approach?  Oracle Identity Management is coming to a city near you with half-day seminars that give you an opportunity to experience learning with fun.  Here is the list of cities and dates. Stay tuned to this page as we update this with more venues in the near future. Register today and don't miss the opportunity to learn how you can benefit with Oracle Identity Management.


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.


« July 2016