Tuesday Mar 03, 2015

Does Your Company Recognize Your Online Identity - Anywhere, Anytime?

Our mobile IDs travel with us to work, back home, and on the road. Businesses are learning to cope.

by Lynne Sampson

Like most aspiring writers, I loved going to the library as a kid. I had a library card as soon as I was old enough to sign my name—creased and frayed from overuse, tucked inside my mom’s wallet. Mom and I handed our cards to the librarian at each visit, and she looked up our names in the library register and compared our signatures to the ones on our cards.

This old-fashioned, analog ID system was around for a long time. It was less than 10 years ago that my local library replaced paper cards with plastic ones, with a photo ID and a magnetic stripe.

Today, analog IDs have gone the way of cursive script. Nearly all IDs are digital. Since the rise of the internet, our banks, employers, and apps ask us for a plethora of user names, passwords, and security questions to prove that we are who we say we are.

This is a nuisance for absent-minded consumers who make frequent use of the “Forgot My Password” button. But it’s an even bigger problem for the companies and employers that we do business with.

67% of Fortune 500 companies connect with customers via mobile app

“Mobile has become the platform of choice for everything from work to vacationing,” said Naresh Persaud, senior director of security product marketing at Oracle. “That adds a layer of complexity to identity management that most organizations haven’t had to deal with before.”

Consider the way we work. “Many companies have salespeople who travel constantly. They use their tablets all the time, and they want to log into their applications, track their deals, check and assign new leads. They like the mobile experience because it’s familiar and easy to navigate,” Persaud said.

What’s not so easy is provisioning all those mobile devices for a corporate network—especially as more and more of us use our personal devices for work.

89% use personal devices for work purposes

Adding further complexity to the mix, a growing volume of marketing, selling, and hiring is done via social channels like Facebook, Twitter, and LinkedIn. “Many of us need social tools integrated into our mobile identities,” Persaud continued. For example, one B2B company tracks new leads coming in from marketing campaigns and then checks the prospect’s ID on LinkedIn. If the sales manager finds a rep who is already part of the prospect’s LinkedIn network, he’ll assign the lead to that rep, using existing relationships to gain an introduction.

And it’s not just customers or employees who companies must think about. “At some companies, like online music providers, the product itself is digital.” This is becoming more common as the “sharing economy” (driven by apps like Uber and Airbnb) takes flight. This means keeping track of which user has access to which products and services. “We’ve entered a world of ‘digital abundance,’ where our mobile ID becomes the currency of entitlement,” Persaud said.

What does it take to manage our mobile identities? How do companies give employees and customers access to all their apps, systems, and products from a multitude of devices?

Companies need to establish policies, technologies, and best practices to manage and audit the use of mobile devices. Mobile should be an integral part of your company’s larger security and identity strategy.

“You need an integrated platform that provisions access to data and systems, manages the identities of people, and authenticates devices,” Persaud explained. “Integrated” is the key ingredient when it comes to managing mobile identities. Using separate security solutions for data, devices, and people makes it more complicated for customers and employees to get access to the tools they need. Plus, a single identity for each user—no matter which device they’re on—can help you maximize conversion and revenue.

“A great example of this is Beachbody,” Persaud said. Beachbody provides home fitness products and creates a community for members trying to reach their physical fitness goals. “Instead of physical locations, Beachbody delivers products and services via the web and mobile devices.” To connect with millions of customers and thousands of fitness coaches, Beachbody needed to digitize identity and do it securely across multiple channels. “Mobile was perhaps the most important part of their identity management project,” Persaud added, “because it’s become the platform of choice for consumers.”

Our mobile identities are somewhat akin to DNA—unique, evolving, and hugely complicated. Someday, our DNA might actually be the key that we use to access all technology and services, from pension checks to downloaded music. Until that happens, though, companies need to work with mobile identities. That means working with an integrated security suite that includes mobile as a consideration equal to data and people.

See the Oracle Mobile Platform at Mobile World Congress

Learn about Oracle Identity Management Solutions


Thursday Feb 19, 2015

Look, Puppies! And Other Stories from the Utility Industry’s Digital Transformation

The digital revolution is creating abundance in almost every industry—turning spare bedrooms into hotel rooms, low-occupancy commuter vehicles into taxi services, and free time into freelance time. This abundance is delivered on mobile devices. One industry, however, is using mobile apps to help its customers do less.

The utility industry is using smartphones to help its customers conserve energy in their daily lives by tapping into smart meters.

The results can be powerful. Armed with information from smart meters, consumers can reduce their energy bill by 20 percent. Using the dishwasher at 12 a.m., for example, will cost less than running it after dinner when everyone else is doing the same. To provide a wider economic lens, if only 10 percent of American households reduced energy consumption by 26 percent, the excess energy could power 2.8 million homes or reduce energy bills by US$4 billion annually.

In Belgium, smartphones and tablets provided a ubiquitous platform to deploy energy-saving applications. So Electrabel, Belgium’s largest energy company, launched a campaign to provide smart boxes, smart thermostats, and smart plugs that would allow homeowners to view power usage and control appliances from their mobile devices. A great idea! But how to make it all secure?  

Providing digital access to all of the appliances in someone’s home requires rethinking security: Which users in the household would be allowed to control the devices? How can the utility company detect fraud and take corrective action? With all of these devices online, how can the utility company manage access by administrators? How can it enable consumers with simple services like password reset and profile changes? Not surprisingly, 40 percent of the attacks on the energy and utilities sector have come in the form of web application attacks.

To keep its smart meter and mobile services from going to the dogs, Electrabel used Oracle’s security solutions. You can read about Electrabel’s implementation in Oracle Magazine, along with another interesting use case at Vodafone Group.

Electrabel was so confident in its solution that it launched a puppy-heavy national ad campaign to encourage participation. Here are more puppies. Need more? Here.

Stories like Electrabel’s are only the beginning. Cisco estimates that by 2020, there will be 50 billion devices on the planet and, according to the report, 69 percent of the value will be people-centric communication, which makes the Electrabel story that much more important—because the interaction between devices and people will rely on similar security processes.

Some estimates show that the smart home market will double by 2018. Like Electrabel, the industry must do the work to keep criminals from hacking these applications and stealing personal data—or even worse, using these services as an entry point to cause potentially catastrophic failures like the attacks against SCADA systems.

Building security into new services is critical for the utilities industry—just as it will be for every business embarking on a digital transformation.

Thursday Oct 23, 2014

UL Secures Customers’ Access to Certification Status While Protecting Intellectual Property

Equipped with requirements to provide customers with access to information on product-testing and certification status, as well as additional information on the company’s services, UL needed to ensure that it could provide this information without exposing confidential intellectual property information to the wrong parties. In pursuit of these goals, UL initiated a three-year security and identity-management evolution process relying on Oracle Identity and Access Management Suite to authenticate users and provide an access-control framework built on the company’s business taxonomy.

Using Oracle API Gateway, UL can provide its customers with a user interface giving them control over defining their own identities and providing specific employees within their organizations with access to the UL information stores associated with them. This federation capability enables UL’s customers to manage their own user provisioning and make adjustments as needed, while freeing UL from needing to provision or deprovision customer users - boosting security as any user who leaves a customer organization is automatically deprovisioned and denied access.

Click here for more about the UL deployment of  Oracle Identity and Access Management Suite and Oracle API Gateway.

For more information about Oracle API Gateway, read these previous OracleIDM blog entries:
What Can Oracle API Gateway Do for You?
Embracing Mobility in the Workspace: Oracle API Gateway

Wednesday Oct 22, 2014

Disconnected Application Framework in OIM 11g R2 PS1

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle (Diamond) Partner that has graciously agreed to present on best practices garnered from experience working on large enterprise Identity Management (IDM) deployments in a four part series hosted here in the Identity Management Blog. In this part-2 of the four part series Infosys shares its experience with disconnected application framework for implementing manual provisioning for a large set of applications in Oracle Identity Manager 11g R2 PS1.

In our first blog, we discussed the need to build an abstraction layer to allow for consolidation of identity, account and access information from Oracle Identity Manager (OIM) and other enterprise sources. In the second edition, we will continue exploring further on theme of how organizations can earn an accelerated ROI from the new IDM infrastructure by adopting “Disconnected Application framework”.

Introduction to Disconnected Application Framework in OIM

The first step of introducing an enterprise IDM solution is to build an identity warehouse by reconciling identity sources and key target systems. This is followed by use case deployments like password management, automated provisioning/de-provisioning to platforms, access certifications, etc. These features allow the organizations to make big strides and provide much needed relief to the administration side of identity management operations and compliance teams.
For the lines of business though, automating the access provisioning/de-provisioning of applications holds the key to achieve the desired efficiency of identity management as well as reduction in costs associated with manual provisioning. However, it takes time and effort to fully automate provisioning/de-provisioning to the hundreds of applications in the enterprise ecosystem. Although this might sound a little discouraging for enterprise leaders and architects, there is a middle way to handle the above scenario.

In order to achieve the desired ROI of implementing an integrated IDM solution, Infosys recommends a hybrid model for implementing application provisioning. In our approach, we ask architects and business owners to participate in an application profiling exercise that involves rating of applications across a range of criteria. The questionnaire includes parameters around application criticality, compliance needs, required speed and complexity of provisioning & de-provisioning, complexity of approval workflow, availability of out-of-box integrations etc. The profiling exercise provides the team with a list of potential automation candidates as well as a list of applications that can be onboarded for manual provisioning. Nonetheless, as an IDM integrator, we maintain the focus on providing the key benefits of the IDM solution to the organization for both automated and manual application provisioning.

Key Benefits of Application Integration with an IDM Solution:

  • Speedy/efficient, centralized and secure provisioning processes
  • Scalable provisioning model
  • Compliance adherent application model

In this blog we will focus on the ‘Disconnected Application Framework’ in OIM which can be leveraged by enterprises to easily integrate large number of applications for manual provisioning. We will also present the high level process that should be followed while using the framework. This process was evolved from our recent experience of integrating hundreds of applications in OIM 11g R2 PS1 for manual provisioning at a large enterprise.

In the earlier versions of OIM, one had to explicitly create a custom resource object and associated connector artifacts and use manual tasks for each of the application to assign tasks to application administrators for manual provisioning. It was effort intensive and had its own limitations. OIM 11g R2 offers the concept of disconnected resource/application for easier integration of applications for manual provisioning. This feature leverages existing OIM provisioning components like resource object, provisioning process, provisioning form etc. while providing a seamless integration with SOA engine for manual provisioning workflow. The ‘disconnected application framework’ in OIM provides a browser based creation, configuration and administration of application instances to integrate applications that do not have connectors for automated provisioning.
Here is a list of advantages of the ‘Disconnected Application Framework’:

  • Easy creation, configuration and administration of application instances
  • Browser based application form UI customizations
  • Automated backend creation of underlying connector objects

How to create a single disconnected application?

In one of our recent large scale IDM implementations we had to integrate 150+ applications for manual provisioning with OIM 11g R2 PS1 in a short span of time. During the integration, we noticed that the process of creating and configuring one disconnected application is simple.
High Level process of creating a disconnected application instance:
Steps on OIM Admin Interface

  • Create a Sandbox
  • Create an application instance by selecting the “Disconnected” checkbox in the application instance form
  • Create the application instance form
  • Export the Sandbox as zip file for backup
  • Publish the Sandbox

Steps on OIM End User Interface

  • Create a Sandbox
  • Search and select the application in the catalog
  • Perform any UI level customizations required for the application instance form

A Sandbox in OIM provides a mechanism to isolate the customizations by analysts at runtime enabling the analysts to work on the customizations without affecting the experience of other analysts until the Sandbox is published.
As shown in Figure 1. Application Instance Artifacts below, at the surface we are dealing only with Sandbox to create disconnected application instances. In the background OIM automatically creates the relevant connector objects that are needed for the application. These connector objects are directly created in database even without publishing the Sandbox and are not stored in the Sandbox zip file that is exported.


Figure 1. Application Instance Artifacts

How does the sandbox feature work in OIM 11g?

Sandbox feature in OIM 11g works similar to a typical versioning system but with a distinction. Every time a Sandbox is created a separate copy of the underlying artifact(s) is created from the mainline and all customizations performed within the Sandbox are contained within the ‘copy’ artifact(s) created for that Sandbox.
The distinction of Sandbox from a versioning system is that whenever a Sandbox is published, the artifact(s) in the mainline are overwritten with the ‘copy’ artifacts from the Sandbox instead of merging the changes. This behavior of the Sandbox poses a challenge if you want to create application instances in parallel.
A typical thought process to accelerate creation of disconnect application instances can be to distribute applications among a team of analysts creating applications in parallel in the development environment of OIM 11g.
However in this scenario, where analysts create their own Sandboxes to work in parallel, when an analyst publishes the Sandbox they have created it will overwrite all customizations published by previous analysts. This results in errors related to missing view objects in UI while requesting the applications in Catalog.

How to scale the framework for integrating large number applications?

To resolve the issues that can arise from concurrent application instance creations as explained above, we have come up with best practices that can be followed:

  • In single development environment, create and publish applications in sequence. The issue with overwriting of files will not allow you to gain any efficiency of scales. Slow and steady wins the race here.
  • If you have the luxury of multiple development environments, then create applications in parallel on these separate environments and combine them while migrating to higher environments. Utmost care is needed when combining the applications.
  • Instead of create application in one sandbox, it is a good practice to create separate sandboxes for each of the applications
  • Once a sandbox is published, it cannot be exported. As a best practice export and save the sandbox with a naming convention capturing the application name, time stamp and version before publishing it

Migrating disconnected applications between environments

Once disconnected applications are created and tested in a lower environment, the next step is to migrate these applications to a higher environment. Migrating an application from one environment to another involves exporting and importing of Sandbox and connector objects.


Note: While migrating the application instances when you import the Sandbox from one environment
to another environment, the files in the Sandbox (BizEditorBundle.xlf and CatalogAM.xml)
from source environment will be overwritten on the files in the target/destination environment.
It is necessary to merge the changes from source environment Sandbox files with the destination environment Sandbox files.

Process for migration of applications from source to destination environment:

Step 1: Export application artifacts from source environment

We recommend that the steps be repeated for each of the application to be migrated.

  1. Using Deployment Manager export Application instance corresponding to an application along with dependencies and save as a file (e.g. App1_instance_source.xml)
  2. E.g. of dependencies: Resource, Process Form, Process, IT Resource Definition, IT Resource, Lookup

  3. Using Deployment Manager export Request Dataset corresponding to the application and save it to a file (e.g.  App1_Req_Dataset_source.xml)
  4. Get the Sandbox zip file that was exported before publishing in the source environment (e.g. App1_Sandbox_source.zip)

Step 2: Extracting and preparing destination artifacts

The following steps will be completed in destination environment in preparation for merging the sandbox artifact changes from lower environment.

  1. Backup the complete Metadata Services (MDS)
  2. Get latest version of BizEditorBundle.xlf and CatalogAM.xml files form destination
    1. Method 1: Create a dummy Sandbox and create a dummy application
    2. Method 2: Create a dummy Sandbox and edit an existing application instance with a very minor change

    The above 2 methods will get you the latest version of BizEditorBundle.xlf and CatalogAM.xml files from destination into your dummy sandbox.

  3. Export the Sandbox (e.g. Destination_DummyApp_Sandbox.zip)
  4. Publish the Sandbox created above
  5. Copy and extract the Sandbox zip file (Destination_DummyApp_Sandbox.zip) to a folder on a machine from which you can access OIM admin interface of the destination environment

Let us call it Master_Sandbox_Destination folder.

Step 3: Importing Applications in the destination environment

Repeat the below steps to migrate each application exported from source
environment in Step 1

i. Using Deployment Manager import the application instance xml file (App1_instance_source.xml) followed by import of the request dataset xml file (App1_Req_Dataset_source.xml) exported from the source environment in Step 1
ii. Extract the application Sandbox zip from the source environment of Step 1 (App1_Sandbox_source.zip)


a. Open xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf and copy the elements corresponding to the application being migrated and merge them with the BizEditorBundle.xml in the extracted Sandbox zip file from destination environment (i.e Master_Sandbox_Destination folder). You can look for the ‘trans-unit’ elements with the application instance form name of the application that is being migrated. The first element always corresponds to ITResource. Below is an example


b. Open persdef\oracle\iam\ui\catalog\model\am\mdssys\cust\site\site\CatalogAM.xml file and copy the elements corresponding to the application being migrated and merge them with the CatalogAM.xml in the extracted Sandbox zip file from destination environment (i.e Master_Sandbox_Destination folder). You can look for <mds:insert> elements with the app instance form name of the application being migrated


iii. Zip the Sandbox folder Master_Sandbox_Destination folder and import it to the destination environment using Sandbox manager in OIM sysadmin console
iv. Publish the Sandbox imported in the above sub-step

The above process represents the steps to be followed for one application and can be easily replicated for large set of applications. To expedite the process, we have created custom accelerators to automate the integration of applications in batches.

To Conclude

The ‘Disconnected Application Framework’ in OIM 11g can be leveraged to quickly integrate applications for manual provisioning. However with large number of applications to be integrated in a short span of time, without forethought and planning it can become a challenge to create and migrate the applications between environments. Following the process described above allowed us to avert most of the challenges and achieve a smooth application integration.

Coming in the next post:

While we all understand that OIM solution holds the keys to the kingdom of security in an enterprise, there is a growing need to ensure your OIM deployment is secure due to ever increasing rate of insider threats. One of the ways to secure all communication channels to/from OIM is via SSL. It's a common practice that in enterprise class deployments OIM is front-ended by a web server/load balancer. While typically the communication between the end users and web server/load balancer is secured via SSL sometimes securing the channel between and OIM and web server/load balancer or SOA is overlooked.
In our next post we share our experience with implementing SSL between OIM and load balancer & SOA in one of our recent implementations of OIM 11g R2 PS1, challenges to expect and relevant resolutions.

About the Author


Rajesh Gaddam is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 10 years of experience in architecting, designing and implementing IAM solutions for multiple clients from different verticals.
Rajesh can be reached via LinkedIn

Wednesday Oct 15, 2014

Design Considerations: Implementing Oracle Identity Management for large enterprises

Infosys Limited (NYSE:INFY) is a global leader in technology, consulting and services and an Oracle Diamond Partner that has graciously agreed to present on best practices garnered from experience working on Large Enterprise Identity Management deployments in a four part series hosted here in the Oracle Identity Management Blog.

Large Enterprises: Large Challenges

During the course of deploying Oracle Identity Management suite for various large enterprises, the Infosys Enterprise Security & Risk Management (ESRM) technology team has identified a few typical organizational scenarios:

  • Oracle Identity Manager (OIM) version upgrades
  • OIM deployments for Organizations with existing custom user request Interfaces
  • Migration from other Identity Management products to OIM
  • Coexistence of OIM with another Identity Management product
  • Upgrades to request interface of OIM

While some organizations implement the end-to-end product suite of OIM, others replace specific parts of the Identity Management solution of the enterprise with matching modules of OIM suite.

Provided by security engineers from the Infosys ESRM team, this four part blog series will serve as an overview on design consideration on following topics:

  • The importance of an abstraction layer
  • Disconnected application framework
  • Implementing SSL within layers of Oracle Identity Manager
  • Introducing Roles in an Enterprise

In this first of the four part series, we will discuss the need to build an intermediate or abstraction layer to allow for consolidation of identity, account and access information from OIM and other enterprise sources.

The importance of an abstraction layer

Infosys follows its proven “Accelerated Integration Methodology” (AIM) for rolling out Identity Management components. It consists of four phases –

  • Envision” phase: Strategy of deploying the Identity Management capabilities are finalized
  • Enable” phase: Core Identity Management components are deployed
  • Empower” phase: Additional capabilities like Single Sign On, Fine Grained Authorization and Role Based Access are enabled
  • Extend” phase: Extending the identities across organizational barriers using federation

The “envision” state of an Identity and Access Management program is the initial phase where the Enterprise Security team finalizes the approach to consolidate the identities and accounts across the enterprise and provide the lifecycle flow of identities to various target platforms and applications. The detailed analysis of the existing Identity Management practices sometimes reveals patterns of applications and interfaces accessing the enterprise identity sources directly and business validations and decisions embedded in the applications. This leads to duplication of logic and usage of outdated identity and account information across enterprise systems.

After introducing OIM to consolidate the identities and accounts, the process to update the existing applications to use the identity and account data provided by OIM is time consuming. To ease the situation, the organization can plan for a “co-existence phase” during which the older IDM processes exists side by side with the new IDM infrastructure. But the co-existence phase leads to some interesting challenges. Viz. in some cases organizations maintain multiple request and provisioning systems due to legacy issues, thus triggering a need to track the status of one access request across multiple provisioning engines beyond the migration project. After reaching steady state, the organization will have only OIM as the one identity management tool.

These scenarios require an abstraction layer to be created on top of OIM for both provisioning and data services. This layer can then expose the OIM identity and account data and even data from outside OIM (which doesn’t need to be consolidated in OIM) in a consistent and faster way to all interfacing applications. This can also provide an interface where any new access can be added or modified on the connected targets using OIM.

An “Abstraction Layer” by definition hides the details of implementation while exposing secure and simple interface for identity and account data to outside systems or even to OIM forms. It also provides an interface to manage request submission and status retrieval use cases across multiple request and provisioning system. It provides a platform to consolidate the business decisions and a common interface that can be consumed by many applications. Even if there are standards and specifications available in market, we suggest analyzing the possibility of building a service that is consistent with the long term strategy of the enterprise.

So, how this can be achieved and how does this help?

Creating an additional layer can be a challenging process. We have to build an “Enterprise Identity and Account Services" layer that can receive requests from multiple systems and query OIM data and other system data for applications and platforms.
It should be simple and scalable to service requests in a faster and secure way. It should also provide different types of interfaces (Web services, database tables etc.) for a wide variety of systems that needs to be serviced. It needs careful analysis of what data is available in OIM and what needs to be fetched from outside OIM and how frequent these updates should be made. And, it should also pave the way for creating a single source of Identity, Account and Governance Data.

There can be multiple methods and interfaces created as part of this exercise. Drawing from the Infosys ESRM team's experience, we recommended having these services grouped under the following four categories.

  • User and Account data services: Services to expose the user, account and attribute information
  • Provisioning Services: Services to create/update/delete/enable/disable the accounts and users
  • Audit Services: Account and User Request / Entitlement history services
  • Governance Services: Access certification data services

Although provisioning systems like OIM and user repositories like LDAP provide native APIs to access all the information, the key in large enterprise Identity Management implementations is to provide usage-agnostic consolidated data services without compromising the security aspects of such data access and usage. Simple but critical requests like “get all service accounts owned by a user” or “get all access which were not assigned through a role” etc. can be easily exposed by building the right interfaces.

In addition to the above use cases, we have also come across enterprises that use OIM along with other IDM tools. In such cases, the user access requests have to be split across multiple provisioning systems but the status has to be tracked by a single request key in OIM. We’ve implemented such requirements by consolidating the provisioning services provided by underlying provisioning engines in the abstraction layer. The request system remains completely agnostic to the provisioning process and the systems involved in granting the access.

Reference Architecture: Abstraction Layer Implementation for Enterprise IDM
There are also access certification use cases where the closed loop compliance can be achieved using the services provided by abstraction layer. It can be used to submit access request, manage the access provisioning, track the request lifecycle, retrieve certification data and revoke unwanted access. The layer can service audit needs by exposing access history information to disparate enterprise audit tools.

In Conclusion

While embarking on an ambitious Identity & Access Management strategy, enterprises have to continue using the investments made in the past. A well-built abstraction layer allows the organization to build on top of the existing infrastructure and processes. The simplicity of the solution also hides the complexities involved in marching large enterprises forward on the journey of unified identity & access management processes. The layer allows applications and provisioning engines to reuse business logic while keeping them agnostic to the implementation. The investments made in ‘Abstraction Layer’ also open up opportunities for new applications to reuse business logic and processes that would otherwise have to be written again.

Coming Up Next …

Automated application access provisioning/de-provisioning is one way to secure the benefits of IDM solution. But the time and effort it takes to achieve this level of automation is prohibitive. Another approach to win a quick ROI on IDM solution is to enable manual application provisioning. ‘Disconnected Application Framework’ in OIM 11g R2 provides a fast and easy way of integrating applications for manual provisioning.
In the next blog, we will share the recent Infosys experience with integrating 150+ applications in OIM 11g R2 using ‘Disconnected Application Framework’ along with the challenges we faced and the steps to avoid common pitfalls.

About the Author


Abhishek Nair is a Senior Technology Architect with the Enterprise Security & Risk Management (ESRM) practice at Infosys Limited. He has over 13 years of experience in Identity and Access Management domain. He has played key role in designing and architecting large IAM solution for Infosys customers with a prime focus on Oracle IAM products.
Abhishek may be reach via LinkedIn

Wednesday Oct 08, 2014

Seamlessly & Securely Managing 360k+ User Identities While Reducing IT Complexity: the Seneca College IdM Success Story

Following the 2013 decision to choose Oracle’s PeopleSoft applications running on  Oracle Exadata database machines as its new enterprise resource planning (ERP) and campus-solutions platform in 2013, Seneca College of Applied Arts and Technology was also faced with another critical decision prompted by the impending end-of-life scenario of its legacy identity management solution. 

Spurred with the overarching goal to provide secure and role-based access to all of the school’s applications and online services for a growing and increasingly remote student body, Seneca chose Oracle Identity and Access Management Suite as its new platform for managing identity and access rights. 

Engaging with Oracle partner ICSynergy, Seneca and ICSynergy designed a solution to meet the college's needs for high availability across multiple campuses and a very diverse user base of 26,500 full-time students and 70,000 part-time registrants. The solution provides streamline control of student access to Seneca College's digital services while securing student privacy and addressing the compliance requirements of Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA).

The full success story can be read here.

Wednesday Oct 01, 2014

Thursday October 2nd: Identity Management at Oracle OpenWorld '14

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Thursday, October 2nd, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


Conference Sessions


Managing Telenet’s Identities in Practice
Bart Cools, Partner, Cronos NV
Mark Van Tiggel, Team Manager ERP, Telenet NV
9:30 AM - 10:15 AM Moscone West - 3020 CON3995

There and Back Again: Journey to a Successful Deployment
Alex Bolante, Managing Director, Accenture
Viresh Garg, Director, PwC
Andrew Morrison, Partner / Principal, Deloitte & Touche LLP
Aaron Perry, President, Aptec LLC
Matthew Berzinski, Principle Product Manager, Oracle
12:00 PM - 12:45 PM Moscone West - 3020 CON8025

Self-Service Access Control: Help Yourself to More Productivity
Patrick Landry, IT Technical Director, USAA
David Mathias, Information Security Manager - Product Management, US Bank
Atul Goyal, Product Manager, Oracle
Volker Scheuber, Principal Sales Engineer, Oracle
1:15 PM - 2:00 PM Moscone West - 3018 CON8007

Architecting a Complete Access Solution for the Cloud Economy
Bernard Diwakar, Security & IAM Architect, Intuit
Marc Chanliau, Director, Product Management, Oracle
1:15 PM - 2:00 PM Moscone West - 3020 CON7975

Shake, Rattle, and Roll: Managing Large-Scale Identity Management Deployments
Gebhard Herget, Architect, Bundesagentur für Arbeit
Perren Walker, Senior Principal Product Manager, Oracle
2:30 PM - 3:15 PM Moscone West - 3020 CON8045


To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Tuesday Sep 30, 2014

Wednesday October 1st: Identity Management at Oracle OpenWorld 2014

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Wednesday, October 1st, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


Conference Sessions


Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk
Angelo Cascio, SVP, Head of Identity and Access Management, Jefferies
Rich Flees, Staff Manager IT, Qualcomm, inc
Bob Jamieson Jamieson, Information Security Director, UL LLC
Neil Gandhi, Principal Product Manager, Oracle
10:15 AM - 11:00 AM Moscone West - 3020 CON7991

Modern Identity Management: Upgrading to Meet Requirements of the Digital Economy
Sherry Gray, Identity & Access Functional Analyst, ICBC
Judy Hatchett, Best Buy
Stacy Knoup, Asst Dir-IT, Principal Financial Group
Matthew Berzinski, Principle Product Manager, Oracle
11:30 AM - 12:15 PM Moscone West - 3020 CON8023

Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture
Dawn Johnson, Director, IDM, First National of Omaha
RAKESH Meena, Security Architect, Aurionpro Solutions, Inc.
Kanishk Mahajan, Principal Product Manager, Oracle
12:45 PM - 1:30 PM Moscone West - 3020 CON7994

Beyond Brute Force: Strategies for Securely Leveraging Mobile Devices
Bob Beach, Security Technologies Strategist, Chevron Information Technology
Rajesh Pakkath, Senior Principal Product Manager, Oracle
Andy Smith, Sr Dir of Product Management, Oracle
3:30 PM - 4:15 PM Moscone West - 3020 CON7973

Trust but Verify: Best Practices for Monitoring Privileged Users
Chirag Andani, VP, Identity Access Management PDIT, Oracle
Olaf Stullich, Principal Product Manager, Oracle
Arun Theebaprakasam, PMTS, Oracle
4:45 PM - 5:30 PM Moscone West - 3020 CON8005

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.


Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Monday Sep 29, 2014

Tuesday: Identity Management at Oracle OpenWorld '14

Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Tuesday, September 30th, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


Conference Sessions


Securing the New Perimeter: Strategies for Mobile Application Security
Josh Bregman, VP Solutions, Aurionpro Solutions, Inc
Thai Thai, Infrastructure Solution Architect, Safeway Inc
Andy Smith, Sr Dir of Product Management, Oracle
10:45 AM - 11:30 AM Moscone West - 3020 CON7993

Identity as a Service: Extend Enterprise Controls and Identity to the Cloud
Sanjeev Topiwala, Group Manager, Intuit
Roger Wigenstam, Sr. Director, Product Management, Oracle Identity & Access Management, Oracle
3:45 PM - 4:30 PM Moscone West - 3020 CON8040

The Age of Megavolume: Oracle’s Next-Generation Directory and Future Strategy
Rafik Alsawalhy, Manager, City of Los Angeles
Jerome Cartagena, Staff IT Engineer, Qualcomm, Inc.
Etienne Remillon, Senior Principal Product Manager, Oracle
5:00 PM - 5:45 PM Moscone West - 3018 CON8043

Identity Services in the New GM
Andrew Cameron, Enterprise Architect, Identity Management, GENERAL MOTORS
Susie Godfrey, Directory & Platform Services Manager, GM
5:00 PM - 5:45 PM Moscone West - 3020 CON2007


To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Sunday Sep 28, 2014

Monday: Identity Management at Oracle OpenWorld 2014


Join us at Oracle OpenWorld 2014 and find out how and why our customers and partners around the world, spanning nearly every industry, continue to choose Oracle Identity Management to provide seamless and secure access to nearly any application from any device, to identify and automate who has access to what and to provide a common view of the user across multiple channels.

Below you'll find a list of the Identity Management Sessions at Oracle OpenWorld 2014 for Monday, September 29th, by order of date and time, to help you as you plan your week. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


MONDAY, SEP 29, 2014

General Sessions


General Session: The Cloud Platform for Digital Business—Presented by Thomas Kurian
Steve Holland, Chief Technology & Digital Officer, 7-Eleven, Inc.
Thomas Kurian, EVP, Oracle
1:15 PM - 2:15 PM Marriott Marquis - Salon 7/8/9 GEN8589

Conference Sessions


Ready for the Digital Economy? Oracle’s Vision of How Identity Helps
Sanjeev Topiwala, Group Manager, Intuit
colin anderson, VP-IT & CISO, safeway
Amit Jasuja, Senior Vice President, Oracle
10:15 AM - 11:00 AM Moscone West - 3020 CON7989

Identity Governance Across the Extended Enterprise
Dominic Fedronic, Senior Business Leader, VISA
Chris Guttridge, IS Architect, AAA - The Auto Club Group
Bernhard Hübl, Teamleader Middleware, SPAR AG
Jim Taylor, Snr. Director of Product Management, Oracle
11:45 AM - 12:30 PM Moscone West - 3020 CON7968

Access Without Fear: Delivering an Optimal Multichannel User Experience
Thai Thai, Infrastructure Solution Architect, Safeway Inc
Paul Van Nieuwenhuyze, Service Manager, GDF Suez
Jie Yin, Senior Director, Product Management, Oracle
2:45 PM - 3:30 PM Moscone West - 3020 CON7995

Oracle Management Pack Plus for Identity Management Best Practices and Lessons Learned
Byron Amstutz, Executive Principle, Technical Architecture, Accenture-CalHEERS
Andrew Cameron, Enterprise Architect, Identity Management, GENERAL MOTORS
Perren Walker, Senior Principal Product Manager, Oracle
4:00 PM - 4:45 PM Moscone South - 200 CON8212

Securing Oracle Applications and the Extended Enterprise with Identity Management
Naynesh Patel, Sr. Partner, SIMEIO SOLUTIONS
Vaidyanathan Sree, Senior Director Business Application, Sony Computer Entertainment Amercia
Matthew Berzinski, Principle Product Manager, Oracle
5:15 PM - 6:00 PM Moscone West - 3018 CON8874

Architecting Appiications with Intelligent Authentication and Authorization
Ranjan Jain, Enterprise IT Architect, Cisco Systems Inc
Roger Westman, Prin IA Engineer, MITRE Corporation
Svetlana Kolomeyskaya, Group Product Manager, Oracle
5:15 PM - 6:00 PM Moscone West - 3020 CON7978


To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.


Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Thursday Sep 25, 2014

Focus On: Identity Governance at Oracle OpenWorld 2014

Oracle Identity Governance provides comprehensive Identity and Access Governance for rapid, actionable compliance.

Join us at Oracle Open World 2014 and see how the industry’s most comprehensive identity governance solution delivers user administration, privileged account management, and identity intelligence, powered by rich analytics and actionable insight.

The following is a list of Governance related Identity Management sessions at OOW14, by order of date and time. Click on each to find out more information and don't forget to register for those you want to attend as sessions can and do fill out.


Identity Governance: Reduce Cost, Increase Productivity, and Improve Compliance [HOL9408] This hands-on lab focuses on how Oracle provides a complete identity governance solution that enables organizations to efficiently balance the objectives of access, security, ... View More

  • Monday, Sep 29, 10:15 AM - 11:15 AM - Hotel Nikko - Nikko Ballroom III
Identity Governance Across the Extended Enterprise [CON7968] As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when ... View More
  • Monday, Sep 29, 11:45 AM - 12:30 PM - Moscone West - 3020
Identify Bottlenecks and Tune Oracle Identity Management to Maximize Performance [CON8383] The Oracle Identity Management suite enables enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources to control access to their ... View More
  • Monday, Sep 29, 4:00 PM - 4:45 PM - Moscone West - 3020
Securing Oracle Applications and the Extended Enterprise with Identity Management [CON8874] All Oracle applications are shipped with Oracle Identity Management components to provide the security services they need. These services can be extended to enable not only ... View More
  • Monday, Sep 29, 5:15 PM - 6:00 PM - Moscone West - 3018
Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Risk [CON7991] Three customers, three unique stories. This session focuses solely on understanding how these customers were able to automate their identity governance requirements by using ... View More
  • Wednesday, Oct 1, 10:15 AM - 11:00 AM - Moscone West - 3020
Trust but Verify: Best Practices for Monitoring Privileged Users [CON8005] Privileged accounts provide administrators with root-level access to systems and applications. As these accounts are frequently shared, providing secure controls to prevent ... View More
  • Wednesday, Oct 1, 4:45 PM - 5:30 PM - Moscone West - 3020
Self-Service Access Control: Help Yourself to More Productivity [CON8007] As the pace of business increases, it has become impossible for the IT team to manage all the access requests and certifications in an efficient and secure manner. It is ... View More
  • Thursday, Oct 2, 1:15 PM - 2:00 PM - Moscone West - 3018

To maximize your attendance at Oracle OpenWorld 2014, running in San Francisco, CA from September 28th to October 2nd, be sure to review the complete listing of Oracle Identity Management Sessions and Demos.

The Schedule Builder is an invaluable tool to use when plan your visit to the conference. Be sure to pre-enroll in sessions of your interest as rooms can fill up. You can search identity management sessions using the term “identity+management” in the Content Catalog.

Identity Management executives and experts will be readily available for discussions and follow ups. Don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.


Before and during, follow the conversation about Oracle OpenWorld 2014 on Twitter with #oow14 and, as always, engage with us @oracleidm and follow the Identity Managment blog. We hope to see you there!

Thursday Jul 31, 2014

Identity Management at Oracle OpenWorld 2014


Are you registered for Oracle OpenWorld 2014 to be held in San Francisco from September 28th to October 2nd? Visit the Oracle OpenWorld 2014 site today for registration and more information. We have highlighted some of the most talked about sessions that attendees will be trying to get in to see this year.  For the latest information on sessions (such as schedule changes to dates, times, venue locations) please continue to check back at the links below.

Business Transformation Case Studies in Identity Consolidation (CON7989) - This session will explore how customers are using Oracle Identity Management to deliver a unified identity management solution that gives users access to all their data from any device while providing an intelligent centralized view into user access rights. See how Oracle Identity management can securely accelerate your adoption of cloud services in the new digital economy.

Identity Governance Across the Extended Enterprise (CON7968) - In this session, see how Oracle's Identity Governance solution reduces risks and costs, while providing fast access to new services through an intuitive user self-service solution to thrive into today's economy.

Securing The New Perimeter: Strategies for Mobile Application Security (CON7993) - In this session, we will cover how enterprise mobility and the Internet of Things are both new IT endpoints that require melding device and user identities for security.

Access without Fear:Delivering an Optimale Multi-Channel user experience (CON7995) - In this session, we will review the role of the Oracle Access Management Platform and how it delivers an optimal user experience while guaranteeing the security of all access events.

Identity as a Service - Extend Enterprise Controls and Identity to the Cloud (CON8040) - In this session, we will cover how the Oracle Cloud Identity Service extends enterprise controls to the cloud, automating SaaS account provisioning, enabling single sign-on and providing detailed activity reports for today's customers.

Check back often, for a complete listing of all sessions available at Oracle OpenWorld 2014.

Identity Management executives and experts will also be at hand for discussions and follow ups. And don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Follow the conversation on Oracle OpenWorld 2014 on Twitter with #OOW14 and as always, engage with us @oracleidm.

We recommend the use of the Schedule Builder tool to plan your visit to the conference and for pre-enrollment in sessions of your interest. You can search identity management sessions using the term “identity management” in the Content Catalog. We hope to see you there!

Tuesday Jul 15, 2014

Three Reasons Management Will Thank You For Implementing IDM Monitoring - Aurionpro

Identity Management (IDM) platforms protect your most critical enterprise assets: your apps and your enterprise data.  Many companies spend significant investments designing and implementing IDM solutions, but an alarmingly few actively monitor the health of them. That’s like driving a new car for 30,000 miles without checking the oil. Like cars, all software products require maintenance. Active monitoring provides information in advance of potential failures and will help keep your IDM solution running smoothly. Since IDM solutions typically involve various layers of technology and include integrations with a number of source systems, monitoring should be seen as a critical component of a successful long-term IDM strategy.  

It’s unfortunate that IDM monitoring is often times evaluated after the IDM solution is already in place as there are significant benefits that can be overlooked. Three of these compelling reasons are:

1.    Up to 10X reduction in cost of issue resolution

It’s a well-known fact that issues are much more expensive to address in a production environment than during testing cycles. Barry Boehm, the famous Computer Scientist, quantified that the cost of finding and fixing a software problem after delivery is often 100 times more expensive than finding it earlier in the cycle. In our experience, the cost is approximately 10X more expensive, but either way, it’s clear that the earlier you find an issue the better.

Active monitoring can be an enormous cost saver due to its early symptom identification capabilities. Finding an issue before it strikes based on early warnings uncovered by active monitoring technologies, and resolving the issue in a development or testing environment can be a huge cost saver. If you’ve ever had to solve a complex performance- or integration-related issue in a production environment, I’m sure you can relate to just how important this can be.

In a large-scale IDM deployment, for example, there can be any number of root causes that might result in a Single Sign On (SSO) failure. The issue may reside at the application layer, the integration layer, the network layer, or the database layer.  Without a comprehensive monitoring solution that consolidates the data from each of the system’s components, it could be an onerous effort to sift through the extensive set of logs with the hope (and a prayer) that the issue can be identified.  We experienced this exact scenario recently and, thankfully, we had Oracle’s Enterprise Manager in place, which helped us to determine that our Directory replication was failing. Without this monitoring tool, it would have been a much more tedious and costly process to identify and resolve the issue.

The beauty of an active monitoring solution is that it immediately alerts you about the issue and provides sufficient information to initiate quick remedial action.  It also provides detailed reports that aid in the understanding of the system performance and stability trends.

2.    Most companies achieve ROI break even within 1-2 years

Putting an active monitoring solution in place is primarily a one-time effort and cost, as the ongoing resource needs to support the technology post-deployment are minimal. The million dollar question is whether or not the cost of the technology and the resource needs to set up such a solution is worth it? The short answer is YES. Avoidance of a single production-level issue (as was described above) might actually pay for the entire system by itself. Such IDM monitoring solutions also reduce manual monitoring costs while minimizing system down time, both of which also add up to hard cost benefits. We have often observed that the cost reductions and cost avoidance that result from an active Identity Management monitoring solution pay for the cost of the solution within a 1-2 year period.

3.    Identity Management monitoring solutions can be implemented quickly, and in phases


As is the case with most software categories these days, there are a number of options available that can help to achieve the benefits of active IDM solution monitoring. We’ve had a ton of success with Oracle’s Enterprise Manager (OEM) 12c product, Oracle’s integrated enterprise IT management product line. Oracle Enterprise Manager creates business value by leveraging the built-in management capabilities of the Oracle stack for traditional and cloud environments, allowing customers to achieve efficiencies while exponentially increasing service levels. If you’re deploying parts of Oracle’s Identity Management Suite, you’ll want to heavily consider deploying OEM.

Key OEM features include:

•    Automated Discovery of Identity Management Components
•    Performance and Availability Monitoring
•    Service Level Management

•    Configuration Management

There are also other licensed and open source monitoring solutions available on the market today. An interesting alternative to check out is Nagios, a viable open source solution for network and application monitoring. Homegrown solutions can also meet many system and network monitoring needs.

Regardless of the technology that is selected, it is recommended, in many cases, to take a phased approach when implementing such a solution. In this way, the processes for ongoing monitoring and addressing potential issues flagged by the monitoring solution can be ironed out while proving out the value and importance of the solution. The solution needs to cover the critical failure points, across database, application, network, machine, and hardware layers. For many Identity Management deployments, database failures are often the culprit of production-level issues. In provisioning solutions, connectivity to target systems need to be monitored closely as the integrations can often times be the failure points. Based on the type of IDM solution being implemented, monitoring should obviously be set up for the more likely failure points during the early phases of the monitoring solution deployment.

Conclusion

Monitoring is an important component to ensure a successful Identity Management solution and greatly helps to improve the health and stability of any IDM platform. To learn more about our best practices gained from leading hundreds of Identity Management implementations, please contact Kunwar Nitesh, an Associate Director in Aurionpro's India-based IDM delivery center, and a true domain and implementation expert across Oracle's Identity and Access Management solutions.

Tuesday Jun 10, 2014

Nominations now open for the Oracle FMW Excellence Awards 2014

2014 Oracle Excellence Award Nominations
Who Is the Innovative Leader for Identity Management?



•    Is your organization leveraging one of Oracle’s Identity and Access Management solutions in your production environment?
•    Are you a leading edge organization that has adopted a forward thinking approach to Identity and Access Management processes across the organization?
•    Are you ready to promote and highlight the success of your deployment to your peers?
•    Would you a chance to win FREE registration to Oracle OpenWorld 2014?


Oracle is pleased to announce the call for nominations for the 2014 Oracle Excellence Awards: Oracle Fusion Middleware Innovation.  The Oracle Excellence Awards for Oracle Fusion Middleware Innovation honor organizations using Oracle Fusion Middleware to deliver unique business value.  This year, the awards will recognize customers across nine distinct categories, including Identity and Access Management

Oracle customers, who feel they are pioneers in their implementation of at least one of the Oracle Identity and Access Management offerings in a production environment or active deployment, should submit a nomination.  If submitted by June 20th, 2014, you will have a chance to win a FREE registration to Oracle OpenWorld 2014 (September 28 - October 2) in San Francisco, CA.  Top customers will be showcased at Oracle OpenWorld and featured in Oracle publications.  

The  Identity and Access Management Nomination Form

Additional benefits to nominees
Nominating your organization opens additional opportunities to partner with Oracle such as:
•    Promotion of your Customer Success Stories
Provides a platform for you to share the success of your initiatives and programs to peer groups raising the overall visibility of your team and your organization as a leader in security

•    Social Media promotion (Video, Blog & Podcast)
Reach the masses of Oracle’s customers through sharing of success stories, or customer created blog content that highlights the advanced thought leadership role in security with co-authored articles on Oracle Blog page that reaches close to 100,000 subscribers. There are numerous options to promote activities on Facebook, Twitter and co-branded activities using Video and Audio.

•    Live speaking opportunities to your peers
As a technology leader within your organization, you can represent your organization at Oracle sponsored events (online, in person or webcasts) to help share the success of your organizations efforts building out your team/organization brand and success.

•    Invitation to the IDM Architect Forum
Oracle is able to invite the right customers into the IDM Architect Forum which is an invite only group of customers that meet monthly to hear technology driven presentations from their own peers (not from Oracle) on today’s trends.  If you want to hear privately what some of the most successful companies in every industry are doing about security, this is the forum to be in. All presentations are private and remain within the forum, and only members can see take advantage of the lessons gained from these meetings.  To date, there are 125 members.

There are many more advantages to partnering with Oracle, however, it can start with the simple nomination form for Identity and Access Management category of the 2014 Oracle Excellence Award

Monday May 12, 2014

Modernizing UK Government with Aurionpro Sena

Around the world governments are transforming to deliver online citizen services and gain economies of scale by removing silos across departments. For many people, the images of government include: long lines, lots of paper work, and bureaucracy. While taxes continue to rise, the quality of service has continued to lag. A study by McKinsey showed that 50% of citizens are demanding access to government services on the weekends and many governments are stepping up to address the need. The UK government is setting the example for efficiency with a digital services strategy. In a recent newsletter article, Aurionpro Sena shares how Identity and Access Management initiatives in the UK government are de-fragmenting the infrastructure that connects people and removing roadblocks to collaboration. As a result, the UK government is now an innovation center.

The first phase of the initiative is modernizing 25 services delivered by 14 agencies across 8 government departments. The results so far are amazing. The report estimates that moving services from offline to digital channels will save the UK government £1.7 and £1.8 billion per year.  If you are interested in reading the strategy document, click here.

Our partners at Aurionpro Sena have been busy working closely with the Cabinet office on their deployment and documented the results in a recent newsletter article. Using Oracle's Identity Management, Aurionpro Sena started working with a number of UK government departments in 2013 to design, build, and support a federated identity shared service that could be securely hosted within a Public Service Network (PSN) accredited data center. The resulting service, Aurionpro's Public Sector Internal Identity Federation (PSIIF) Hub will enable easier sharing of information across the public sector, increasing the security of data access and enabling public sector organizations to realize savings across the government's information and communications technology (ICT) program. The PSIIF hub is now available for procurement through the government's Cloudstore. Full article here.

The GDS (Government Digital Services) organization produced the video below as a demonstration of the services being rolled out. These examples are inspirational and will change the way we think about government. One day we may scarcely remember that renewing your driver's license meant taking a day off from work to go to the DMV (Department of Motor Vehicles) to take a number and wait for your name to be called. Calling the state tax office only to be transferred to multiple people who couldn't help you will be a story told in a medieval history class. Click to enjoy the video of the Sprint Alpha Transformation Demo from GDS on Vimeo.

Friday May 09, 2014

Three User Friendly Strategies for BYOD Security

For most CIO's, securing corporate data on mobile devices is top of mind. With enterprises producing more data than ever before in human history, much of that data will be accessible via mobile devices and mobile applications. In fact, studies suggest that 80% of enterprise access will be via mobile devices by 2020 vs. just 5% today. Amit Jasuja's recent article on the Forbes Oracle Voice, discusses three strategies for CIO's that can reduce the risk and simplify the user experience.

Monday May 05, 2014

Is Mobility Creating New Identity and Access Challenges? - by Marcel Rizcallah

Are mobile, social, big data and cloud services generating new Identity and Access Management challenges? Guest blogger Marcel Rizcallah is the EMEA Domain Leader for Security at Oracle Consulting and today will highlight some of the new IAM challenges faced by customers with Cloud services and Mobile applications.

Sales force users ask more often for iPad or mobile devices to access Cloud services, such as CRM applications. A typical requirement is to use an AD or corporate directory account to login seamlessly into the Cloud service, either with a web browser or a downloaded application on a device. The benefits, compared to a different login/password provided by the Cloud provider, is more security and better identity governance for their organization; password policy is enforced, CRM services are granted to sales people only and Cloud accounts are de-provisioned immediately when people leave.

Integrating a mobile device browser with the intranet is easily addressed with federation solutions using the SAML standard. The user provides his login and password only once and tools such as Oracle Mobile Security Suite and Oracle Access Manager provide the end-to-end integration with the corporate directory.

Authenticating through a downloaded application provided by the Cloud service may be more complex; the user authenticates locally and the device application checks first the credentials in the cloud environment. The credentials are relayed to the organization’s intranet using REST services or standards such as SAML to validate the credentials.

Integrating IAM services between SaaS applications in the Cloud and the corporate intranet may lead to a weird situation. Let’s look at this example: one of my customers discovered that their CRM SaaS application, provided by a public Cloud environment, was supposed to be SAML compliant, yet did not correctly generate one of the SAML messages when authenticating through a downloaded application on the device. Despite all parties agreeing that this is a bug, fixing the Cloud application was not an option because of the possible impact on millions of Cloud customers. On the other hand, changing the Oracle Access Manager product, fully compliant to SAML 2.0, was not an option either. The short term solution would be to build a custom credential validation plug-in in Oracle Access Manager or an integration tool, such as Oracle API Gateway to transform the wrong message on the fly! Of course this should not stay a long term solution!

When we ask customers which SSO or Identity Governance services are the priority for integrating Cloud SaaS applications with their intranet, most of them says it’s SSO. Actually SSO is more urgent because users want to access Cloud services seamlessly from the intranet. But that’s the visible part of the iceberg; if Cloud accounts are not aligned to employees referential or sales force users, customers will end up paying more license fees to the Cloud provider than needed. SSO with Oracle Access Manager will improve customer experience, but cloud provisioning / de-provisioning with Oracle Identity Governance will optimize Cloud costs.

Use the following links to learn more about Oracle IDM products and Oracle Consulting Services for IDM.

Monday Apr 14, 2014

Follow up Identity Management 11g R2 PS2

If you joined our webcast on Thursday, thanks for tuning in.  Below is a link to the on-demand webcast and we have captured the Q & A from the session in-line.

On demand  Webcast: Click Here

Question: For the customers in the process of moving to cloud and mobile space, is PS2 the right version (whether access or Identity) to be on? : Answer: Absolutely. Particularly for Access with full OAUTH2 support.

Question:Has Consumer and Customer identity requirments for Retail been met full user experience and Admin/provisioning, federated access and delegated admin implemented? any large retail account or case study for the implementation available for sharing? Answer: Yes, we have several retail customers who have implemented unified, enterprise wide identity management to help grow their business (via customer loyalty apps and programs) and streamline/secure their business with complete Identity Governance and life cycle management. Click here to see customer examples:

Question:any large AppStore implementation and Global roll out? Answer: For the Oracle Mobile Security Suite we have some very large Fortune 5 customers with global rollouts including oil & gas, retail and banking.

Question: Can you elaborate on how security concerns were addressed about the form fill technology? Answer:The form fill technology in the Access Portal Service is built on Oracle ESSO Infrastructure. It leverages the same ESSO repository to store credentials and application configuration. It is compatible with the same business logic flows that exist in native ESSO . It fully supports bi-directional crypto between Java and CAPI code. The asymmetric key supports RSA and translation of PK pairs to/from MS PK & Java. The symmetric key support includes AES256 and TripleDES (for compat/upgrade). It fully supports encryption/decryption for ESSO Credentials in Java (compatible with CAPI). The Hashing / MessageDigest supports SHA1 and SHA 256 that is compatible with Java and CAPI

Question:Question from my Tweet - Will the new Access mgmt platform support SAML, OAuth as the standard instead of ObSSO token? Answer:We already support SAML and have now introduced support as an OAuth 2.0 server in PS2 while ensuring that these technologies work seamlessly in conjunction with session management and secure single sign on using OAM 11g technology.

Question:How do we provision deprovision users for Cloud Apps? Answer:We will provide auto provisioning of applications by allowing association to applications directly from the OAM console. Today auto provisioning is only possible using the Enterprise Single Sign-On provisioning gateway.

Question:  Is the Blitzer application available as part of the Oracle Access Manager product? Answer: The Bitzer technology is available in the Oracle Mobile Security Suite

Question: Does OAP provides support for Legacy application (Thick client) (Mainframe apps)? Answer: Access Portal - at this time - is for web-based applications only

Question:Does Cloud Security Portal works with OAM 10G version? Answer: Access Portal is an OAM 11gR2 PS2 service

Question: how do you compare Oracle PS2 with REST APU based security appliance like layer 7 etc? Answer: The Oracle API Gateway (OAG) component provides REST API security in the same way. This is already available and is widely deployed by our customer base -- particularly for their consumer and mobile facing applications.

Question: What are licenses needed for Automated Suite Installation for IDM which was spoken about ? Answer: The automated installation requires only licenses for the software that you are installing. There's not a separate license for the automation.

Question: Do you have PII, PCI compliance patterns implemented for SaaS eCommerce Apps globally? Answer: May need more info to answer this - but if Oracle accepts credit cards for any of its service then obviously it will need to follow PCI etc. Here is a link to a paper on how we align with PCI controls with IDM

Question: Do you see a push in the federal marketplace to implement the Oracle soft token approach to security or is the marketplace still leveraging traditional 2 factor and mobile technologies are lagging behind? Answer: We see a push across all verticals to use the soft token approach 

Question: As OMSS and IDM Suite come separately (2 different product suites) , then how exactly these get wired to achieve SSO. How difficult it is to wire it? Answer: These suites are separate from a licensing perspective  but utilize the same underlying platform.

Thursday Apr 10, 2014

Securing The Identity of Everything

Securing the Identity of Everything

Along with tremendous economic change, the Internet of Things (IoT) will transform the way IT organizations think about security. Instead of focusing on securing the network perimeter, IT departments will have to secure the new perimeter: people, data and devices. The new point of control will be user access to devices, data and applications. Each device will have an identity on the network, and companies will face the challenge of device tracking, registration and fraud detection. In this session, Ranjan Jain will discuss his current effort to manage the "Identity of Everything" and share how organizations can unlock the potential of this approach. Register now.

Ranjan Jain, IT Architect for Enterprise Identity and Access Management, Cisco 

Naresh Persaud, Senior Director, Product Marketing and Market Development, Oracle


Wednesday Apr 09, 2014

Webcast: Announcing The Oracle Mobile Security Suite



Oracle IDM 11gR2 PS2: Cloud and Mobile Strategy Update Webcast

As cloud applications and personal mobile devices continue to drive new business models, new security challenges for IT teams are on the rise. Oracle recently announced the availability of its latest Oracle Identity Management 11gRelease 2 PS2—which is heavily focused on securing the extended enterprise. 

This live webcast will provide you with an overview of key themes in Oracle Identity Management 11g Release 2 PS2, and cover salient aspects of the release’s cloud and mobile security strategy. You’ll also see a demonstration of the new cloud access portal and mobile security suite. The Twitter feed #OracleIDMPS2 can be used for questions during the live Q&A session at the end of the presentation.

Attend this webcast to:

  • Hear about the latest updates in Oracle Identity Management 11g Release 2 PS2 including new, strong authentication and installation automation features
  • See how Oracle is taking an application-focused approach to mobile security
  • Learn how you can secure your cloud applications with enterprise identity management

Register now to attend this important webcast. Tweet your questions using hashtag #OracleIDMPS2

April 10, 2014 – 10:00 am PST





<image008.gif>
Copyright © 2013, Oracle and/or its affiliates. 
All rights reserved.


Friday Dec 13, 2013

Passing the Puck to the CTO - BeachBody's Miracle Moment of Identity

BeachBody CTO, Arnaud Robert, was prepared for competitive business at an early age.  Showing success on the ice as a captain of his hockey team, taught Arnaud that there are many similarities between the game of hockey, in particular, the position of team captain, and that of today's CTO.  As Arnaud points out, today's CTOs must remain very nimble and capable of acting much like that of a team captain.  Regardless if we are talking pucks and tasks, periods and quarters or games and projects, the methodologies in managing has given Arnaud a focus with the BeachBody business that he has used to expand the BeachBody enterprise in the areas of Identity Management and Mobile Enablement.

Take a moment to watch this great video from Arnaud and see if you and your CTO can relate to the hockey challenges, and how you are responding in the areas of Identity.


Sunday Nov 24, 2013

Securing The Citizen Experience

Governments have often been the slowest to adopt new technologies - not any more. This video from the UK government's digital services strategy shares a vision for citizen services that will inspire. This phenomenon is not isolated to the United Kingdom. Across the world citizens are paying more in taxes and demanding better services. All of this is changing the way governments are thinking about security. The new experience is cross channel: mobile, social and online. If we are lucky we may never have to go back to the department of motor vehicles again.

The Pressure to transform:

Sunday Nov 03, 2013

Patients are Running out of Patience

Healthcare is in a dramatic state of change globally and the change is being driven by patients. Patients are no longer content to wait in line, endure appointment delays and stay on hold waiting for a health insurance representative. Instead, patients are demanding on-line access to physicians, joining communities with fellow patients, scheduling appointments online and resolving claims issues over email. 

To accomodate the demand for patient connectivity, providers are innovating to find new ways to collaborate with patients. To address the demand, providers are providing 24/7 access online and pioneering ways to deliver care via mobile devices -  for example using your iPhone as a heart monitor. Patient vitals can be collected before the patient even walks into the clinic. 

These new approaches promise to enhance the patient experience and reduce the cost of care. Time is money both for the patient and the provider. For insurance companies, all of this is  welcome news because it reduces un-necessary time with the physician which reduces the number of claims.  Oracle is focused on enabling and securing the experience. The video below shares the Oracle healthcare transformation story.

asas

Tuesday Oct 22, 2013

Enjoy Cloud Odyssey The Oracle Movie

If you attended Open World you may have seen the promotions for a new movie produced by Oracle. The movie is called Cloud Odyssey and it chronicles the journey of a hero to the cloud. The movie is an animated sci-fi adventure. This movie will be played at Oracle events around the world so you may soon get an invite to attend. Interesting approach to telling the cloud story. For many IT organizations, the journey to the cloud is a major initiative for end users. I am sure Homer would be proud. In fact perhaps if it is successful, I am hopeful we may see a cloud Iliad. 

Below, I have embedded a trailer to the movie for your viewing pleasure. While it clearly is not the next Iron Man, it is intriguing. Hope you enjoy. 

Monday Oct 14, 2013

CSO Summit Open World

If you attended Open World, you were present for a historic occasion, not only was this the largest Open World, but the Oracle team also won the America's cup against incredible odds. There are a few lessons we can apply to security. Security, like the America's Cup race, is about latency. Since 2007 the boat speeds have gone from 14 mph to 50 mph with greater control and roughly the same number of crew on-board.

Without the technology on-board providing control, these boats would be very difficult to pilot. The mast of the AC72 is as high as a three story building. Yet, despite the large size, these boats almost fly over the water.  Today many businesses face the same challenge, they must grow while maintaining the same level of governance. Security allows companies to accelerate with confidence.

The theme for the CSO Summit was "accelerating with confidence".  With over 18 countries represented across 12 vertical markets, it was truly a world class audience.  Instead of an exclusively security audience, this year the executives came from many lines of business. This reinforces the trend that companies are starting to progressively align security to new business initiatives. For a survey on companies using security as a business enabler see the PWC Global State of Information Survey

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

Search

Archives
« May 2015
SunMonTueWedThuFriSat
     
1
2
3
4
5
6
8
9
10
11
12
13
14
15
16
17
18
20
21
22
23
24
25
26
27
28
29
30
31
      
Today