Thursday Dec 06, 2012

Tackling Security and Compliance Barriers with a Platform Approach to IDM: Featuring SuperValu

On October 25, 2012, ISACA and Oracle sponsored a webcast discussing how SUPERVALU has embraced the platform approach to IDM. Scott Bonnell, Sr. Director of Product Management at Oracle, and Phil Black, Security Director for IAM at SUPERVALU, discussed how a platform strategy could be used to formulate an upgrade plan for a large SUN IDM installation.

See the webcast replay here: ISACA Webcast Replay (Requires Internet Explorer or Chrome)

Some of the main points discussed in the webcast include:

  • Getting support for an upgrade project by aligning with corporate initiatives
  • How to leverage an existing IDM investment while planning for future growth
  • How SUN and Oracle IDM architectures can be used in a coexistence strategy
  • Advantages of a rationalized, modern, IDM Platform architecture


 

Tuesday Sep 04, 2012

ISACA Webcast follow up: Managing High Risk Access and Compliance with a Platform Approach to Privileged Account Management


Last week we presented how Oracle Privileged Account Manager (OPAM) could be used to manage high risk, privileged accounts.  If you missed the webcast, here is a link to the replay: ISACA replay archive (NOTE: you will need to use Internet Explorer to view the archive)

For those of you that did join us on the call, you will know that I only had a little bit of time for Q&A, and was only able to answer a few of the questions that came in.  So I wanted to devote this blog to answering the outstanding questions.  Here they are.


1. Can OPAM track admin or DBA activity details during a password check-out session?

Oracle Audit Vault monitors these activities, which can be correlated with check-out events.

2. How would OPAM handle simultaneous requests?

OPAM can be configured to allow for shared passwords.  By default sharing is turned off.

3. How long are the passwords valid?  Are the admins required to manually check them in?

Password expiration can be configured and set in the password policy according to your corporate standards.  You can specify if you want forced check-in or not.

4. Can 2-factor authentication be used with OPAM?

Yes. Two-factor authentication for OPAM is provided through integration with Oracle Access Manager and Oracle Adaptive Access Manager.

5. How do you control access to OPAM to ensure that OPAM admins don't override the functionality to access privileged accounts?

OPAM provides separation of duties by using Admin Roles to manage access to targets and privileged accounts and to control which operations admins can perform.

6. How and where are the passwords stored in OPAM?

OPAM uses Oracle Platform Security Services (OPSS) Credential Store Framework (CSF) to securely store passwords.  This is the same system used by Oracle Applications.

7. Does OPAM support hierarchical/level based privileges?  Is the log maintained for independent review/audit?

Yes. OPAM uses the Fusion Middleware (FMW) Audit Framework to store all OPAM related events in a dedicated audit database.

8. Does OPAM support emergency access in the case where approvers are not available until later?

Yes.  OPAM can be configured to release a password under a "break-glass" emergency scenario.

9. Does OPAM work with AIX?

Yes. Supported UNIX versions are listed in the "certified component section" of the UNIX connector guide at:
http://docs.oracle.com/cd/E22999_01/doc.111/e17694/intro.htm#autoId0

10. Does OPAM integrate with Sun Identity Manager?

Yes. OPAM can be integrated with SIM using the REST APIs. OPAM has direct integration with Oracle Identity Manager 11gR2.

11. Is OPAM available today and what does it cost?

Yes.  OPAM is available now.  Ask your Oracle Account Manager for pricing.

12. Can OPAM be used in SAP environments?

Yes. Supported SAP versions are listed in the "certified component section" of the SAP connector guide here: http://docs.oracle.com/cd/E22999_01/doc.111/e25327/intro.htm#autoId0

13. How would this product integrate, if at all, with access to a particular field in the DB that needs additional security, such as SSNs?

OPAM can work with DB Vault and DB Firewall to provide the fine grained access control for databases.

14. Is VM supported?

As a deployment platform Oracle VM is supported. For further details about supported Virtualization Technologies see Oracle Fusion Middleware Supported System configurations here: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

15. Where did this (OPAM) technology come from?

OPAM was built by Oracle Engineering.

16. Are all Linux flavors supported?  How about BSD?

BSD is not supported. For supported UNIX versions, see the "certified component section" of the UNIX connector guide:
http://docs.oracle.com/cd/E22999_01/doc.111/e17694/intro.htm#autoId0

17. What happens if users don't check passwords in at the end of a work task?

In OPAM, a time frame can be defined for how long a password can be checked out. The security admin can force a check-in at any given time.

18. Is MySQL supported?

Yes. Supported DB versions are listed in the "certified component section" of the DB connector guide here: http://docs.oracle.com/cd/E22999_01/doc.111/e28315/intro.htm#BABGJJHA

19. What happens when OPAM crashes and you need to use the password?

OPAM can be configured for high availability, but if required, OPAM data can be backed up/recovered.  See the OPAM admin guide.

20. Is OPAM a standalone product, or does it leverage other components from IDM?

OPAM can be run stand-alone, but will also leverage other IDM components.

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
