Wednesday Jun 19, 2013

Identity in an Interconnected World: by Paul Dhanjal (Simeio Solutions)

In today’s interconnected world, we’re being forced to re-think what identity means and to adopt entirely new models for managing it. One thing’s for sure: it’s no longer confined to inside the walls of the enterprise. The lines between internal and external data ownership are blurring. In this, our third post in the series, we’ll delve a bit deeper into what these external identities look like to help us understand the implications for IT.

Let’s start by reviewing the old model. Traditionally, all identity data was internal – each application or service stored and managed all the user information it needed – completely self contained.

But “self-contained” is really just a nice way of saying “silo.” We encounter these identity silos all the time. A large corporation may have dozens, the result of mergers and acquisitions or through the independent initiatives of multiple lines of business. We see it among business partners in value chains – retail partners, ISVs, distributors, etc. We see it in government where various departments – DMV, tax collector, police department, social services, etc. – all separately collect and manage overlapping data on the same set of users.

For companies, these identity silos are costly to build and maintain – the duplication of capabilities and data is highly inefficient, and synchronizing changes across silos is difficult or impossible. They limit visibility and insight. It’s difficult to recognize an individual customer across services, for example – what looks like 10 different users is often the same person.

New cloud-based identity and access management (IAM) models have emerged to address these issues, powered in large part by two key technologies: virtual directories and identity hubs.

Virtual directories, such as Oracle Virtual Directory (OVD), are designed to provide a single, centralized authentication point for multiple services. They unify multiple directories, providing a real-time consolidated view of a person’s identity record regardless of where it’s stored. Because they typically come with adapters for most major directories and databases including those from Oracle, Sun, IBM, Microsoft and Novell, they can be remarkably easy to deploy.

The actual user accounts are still decentralized – created and maintained in the original authentication sources, not in the virtual directory. But to an application or service that’s part of the network, it appears that there’s one centralized source for authentication, removing a ton of complexity from the application, breaking down silos, and allowing you to recognize an individual across all your services.

The identity hub completes the picture. It serves as a broker between the application and the various authoritative sources of identity attributes in both enterprise and federated scenarios. It provides a single authoritative view of user data in what is generally a decentralized environment where user data is scattered among multiple repositories.

More importantly, that view changes depending on who is accessing it. Each application (or business unit, department, division, or customer) has a view that’s limited to only the information that’s deemed appropriate. That’s determined by the owner of the information, which can be another division within the same company, an external partner, or even an individual customer.

 

By combining the identity hub with a governance framework for identity federation via the cloud, you can easily share these views with partners who provide services, while ensuring the appropriate (and only the appropriate) information is securely delivered to each service provider by you, the identity provider. Simeio’s Cloud Services, for example, uses Oracle Access Manager 11g R2 to gather the requested attributes within the identity hub and build an encrypted claim in a form tailored for the consuming service.

Once you or your partners can access this information on demand, it may no longer be necessary to own or even store any portion of a user’s identity – certainly not their password, which would instantly get you out of the business of password management, including support desks and reset mechanisms.

In this new model, identity is no longer something isolated in individual applications and maintained in a single organization. Information becomes fluid, on-demand, real-time, relevant to business units, and – most important – transportable to other businesses or clients, which reduces complexity and time to market, and opens the door to entirely new business models and revenue streams. We’ll have more on this in our fourth and final chapter.

Tuesday Jun 18, 2013

The Keys to the Password Vault by Matthew Scott (aurionPro SENA)

Super user accounts are, unfortunately, a necessary evil. It’s just a fact of life in the IT industry that someone, somewhere, has to have the ability to make fundamental (and therefore potentially catastrophic!) changes to key systems.

One of my least favourite experiences as a consultant was gaining access to an account through a process that was reminiscent of a spy thriller – the password was typed onto a card, which was cut in two, with each half stored in a separate safe and each key entrusted to a meticulous security officer. Navigating the procedures to get the halves together in time to be useful was a trial of persuasion and scheduling – I can see why Tom Cruise prefers to abseil in through the roof instead of filling in yet another form!

Compliance officers are increasingly scrutinising privileged accounts and the processes that control access to them – not surprisingly, since surveys have shown that up to a quarter of IT professionals have experienced misuse of such accounts, and almost half of all companies fail to manage these accounts in accordance with the law (http://www.computerweekly.com/news/2240111956/One-in-four-IT-security-staff-abuse-admin-rights-survey-shows). The results can be spectacular and sobering – the UBS trader Kweku Adoboli cost his company $2.3 billion after making disastrous trades using a privileged account which he was not authorised to use.

Thankfully, there is now a better way. As we’ve seen in this series, with the ESSO suite the technology exists to manage user passwords without the user having to actually ‘know’ that password. It is possible to extend this functionality to include those previously hard to manage privileged accounts by introducing Oracle Privileged Accounts Manager (OPAM). OPAM acts as a secure password vault for privileged accounts, but unlike other password vaults it can be connected directly to the ESSO Logon Manager agent so that passwords can be requested, obtained and used, all from the user’s desktop.

OPAM is particularly useful for companies with large, decentralised UNIX environments. We are currently engaged with a large financial organisation which has several hundred servers, with various distributions of Linux and UNIX that are managed by different teams. With OPAM, all those precious root accounts have for the first time been corralled together in one location, where they can be released as needed to any authorised user. OPAM is equally adept at managing identities stored in directories, including Windows service accounts within Active Directory.

To calm the fears of any compliance officers who may be reading these words nervously, it is possible to implement workflows to control the request process. This may include approvals from a higher authority, complete with email or mobile notifications to the approver. And of course ESSO and OPAM feature end-to-end audit trails – from request, to check out, to each use of the privileged account, through to check in. Tracking who has been doing what with each account has never been easier.

In addition to managing privileged accounts, the ESSO suite also allows users to distribute their personal accounts in a similar manner. Many of us have experienced the frustration of needing access to a system, a record or an email only to discover that the person with access is on holiday or otherwise unavailable. In extreme cases, this may require that the absent user’s Windows account be reset to allow another user to log on and gain access. ESSO’s Account Delegation allows these key users to pro-actively devolve their account credentials to another user for a set period – no passwords required!

Monday Jun 17, 2013

Are you registered for the "Embracing Mobility in the Workspace" Webinar yet?

Excitement is building around an upcoming webinar hosted by Oracle Partner AmerIndia on June 27th. Arun Mehta, Sr Consultant with @AmerIndia, and Sid Mishra from Oracle will be speaking on the subject of Mobility in the Enterprise, the implications BYOD has for the security posture of the organization, and the steps you can take to reduce your risk.

 

Online space for this Webinar is limited, so we recommend you register ASAP at http://www.amerindia.net/webinars.php to secure your spot for this exciting event on June 27th.

 

For a preview of what you can expect to learn from this webinar, check out the editorial "Embracing Mobility in the Workspace" by Arun Mehta, posted here on the OracleIDM blog last week by AmerIndia. In this editorial, Arun addresses a segment of what he plans to cover in the Webinar.

 

Look forward to seeing you on the 27th!

Monday Jun 10, 2013

Embracing Mobility in the Workspace: Oracle API Gateway

Embracing Mobility in the Workspace using Oracle API Gateway

 

 

“In 2013, mobile devices will pass PCs to be most common Web access tools. By 2015, over 80% of handsets in mature markets will be smart phones.”

- Gartner Research

 

 

Across the globe, corporations are embracing the influx of mobility and the last five years have seen an expanding role of mobility in the workspace. Enterprises everywhere are coming up with innovative initiatives to support the mobility needs of personnel working for them. In addition, a variety of mobile applications and services are being offered to the workforce to make them more effective and efficient at work. Such applications and services unify different user populations within the organization, including internal workforce, partners, customers, and consumers, with the internal and external resources of the organization.

 

 

There are numerous reasons why enterprises are embracing mobility in the workspace and the chart below highlights the most important ones:

 

 

 

The devices used by the user populations are usually diverse in nature and lead to a fragmented and disconnected landscape. As a result, IT architects and product managers of organizations are compelled to develop applications that can be ported to the mobile devices of users. However, the deployed in-house applications aren’t capable of averting the increasingly sophisticated identity thefts and data breaches of today. Development and utilization of secured mobile applications is often the primary concern that bothers infrastructure & solution architects today.

 

Forrester Consulting commissioned a study on behalf of Cisco Systems in 2012 to gather information on top security concerns and compatibility issues that concern senior-level decision-makers. The chart below illustrates the results.

 

 

 

There are a lot of aspects that should be managed to effectively support mobile devices. They are:

 

· Password and User management – Management of multiple passwords and user identities for each application.

· Device Management – Management of authentication and authorization of devices, allowing users to access company resources securely. A high mobile device turnover by the user population calls for re-registration of new devices and blacklisting/wiping-out of corporate information from older devices. Device management automates such processes in a structured manner.

· Application Access Management – Management of role-based access, which is usually absent or managed locally in the application, leading to unauthorized access to applications. Local role management also leads to redundant and expensive management of access to applications via roles.

· API Management – Management of central publishing, promoting, and monitoring of exposed APIs within a secure and scalable environment, which is often missing. Many applications today expose web services which may not be consumed by mobile devices as efficiently as possible.

 

The following section describes how the above-mentioned aspects are managed and how challenges and issues related to the adoption of mobile devices are addressed by using Oracle API Gateway and a variety of other components of the Oracle Access Management stack.

 

· User Management – The mentioned aspects and challenges are addressed by having a user provisioning tool like Oracle Identity Manager (OIM). OIM streamlines user provisioning and de-provisioning, and other identity-based lifecycle events in the organization. Along with that, users are also provisioned access to various target systems. Once the step of access provisioning is completed, Oracle Access Management (OAM) steps in for users who wish to access the target system by using single sign-on. The authentication can be done by binding to LDAP, but OAM brings additional advantages as it allows various policies and procedures to be defined and implemented for the users accessing target systems within the enterprise. Furthermore, access requests to all resources from mobile devices are intercepted by Oracle API Gateway or OAG (deployed in the DMZ) in order to enforce the policies that define the steps involved. OAG gathers the necessary user, application, device, and network context data to enable authentication decisions and validates the gathered data using the Access Management tool as per the policies laid down.

 

However, this approach only performs user authentication and relies on the Access Management tool to perform coarse-grained authorization, and may not be sufficient for the detailed authorization rules defined within the application itself.

 

Please refer to the figure below for a better understanding.

 

 

 

· Device Management – Mobile devices used by users are registered through Identity Manager as an asset and this information is provisioned to an LDAP, DB device, or an App registry. Also, Oracle API Gateway is used to perform device authentication by using the custom authentication logic it comes with. Once the device is authenticated, a device token is generated, and the same is used by mobile devices in subsequent interactions in order to fetch the desired information from the applications. This is a simple approach and can be employed to achieve the desired results in small work environments where functionalities like device profiling, blacklisting and whitelisting, knowledge-based authentication, and device control are of less importance.

 

For work environments that are larger and more complex, and where the previously mentioned functionalities are important, the Access Management component can be extended to include and deploy Oracle Adaptive Access Manager (OAAM) along with the Mobile and Social Services components. By doing this, the desired Device Management functionality is implemented.

 

In other scenarios, device registration can also be delegated to OAAM components rather than registering it through Oracle Identity Manager against the user record. Here, mobile and social services components play a crucial role of mediating security tokens for mobile devices to access enterprise resources and cloud based applications.

 

Please refer to the figure below for a better understanding.
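The simple device-token flow described in this Device Management section (register, authenticate, issue a token, present it on later calls) can be sketched as follows. This is an added example, not part of the original post and not Oracle API Gateway code; the `DeviceGateway` class, the token layout and the sample identifiers are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class DeviceGateway:
    """Hypothetical stand-in for the gateway's device-authentication step."""

    def __init__(self, signing_key: bytes, ttl_seconds: int = 900):
        self._key = signing_key          # known only to the gateway
        self._ttl = ttl_seconds          # short lifetime limits replay of a stolen token
        self._registry = {}              # device_id -> owner and hashed device secret
        self._blacklist = set()          # lost, replaced or wiped devices

    def register(self, device_id: str, owner: str) -> str:
        """Enroll a device against a user record; returns the secret provisioned to it."""
        secret = secrets.token_urlsafe(32)   # high-entropy, so a plain hash at rest is enough
        self._registry[device_id] = {
            "owner": owner,
            "secret_hash": hashlib.sha256(secret.encode()).digest(),
        }
        return secret

    def blacklist(self, device_id: str) -> None:
        self._blacklist.add(device_id)

    def authenticate(self, device_id, device_secret, now=None):
        """Return a signed device token, or None if the device is unknown, blocked or wrong."""
        now = time.time() if now is None else now
        record = self._registry.get(device_id)
        if record is None or device_id in self._blacklist:
            return None
        presented = hashlib.sha256(device_secret.encode()).digest()
        if not hmac.compare_digest(presented, record["secret_hash"]):
            return None
        payload = json.dumps(
            {"dev": device_id, "sub": record["owner"], "exp": int(now) + self._ttl},
            sort_keys=True,
        ).encode()
        return b64url_encode(payload) + "." + b64url_encode(self._mac(payload))

    def verify(self, token, now=None):
        """Return the token's claims, or None if it is forged, expired or revoked."""
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".")
            payload, mac = b64url_decode(body), b64url_decode(sig)
        except ValueError:               # wrong shape or undecodable base64
            return None
        if not hmac.compare_digest(mac, self._mac(payload)):
            return None                  # check the MAC before parsing the payload
        claims = json.loads(payload)
        if claims["exp"] <= now:
            return None
        # Re-check the registry on every call so blacklisting kills outstanding tokens.
        if claims["dev"] in self._blacklist or claims["dev"] not in self._registry:
            return None
        return claims

    def _mac(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()


if __name__ == "__main__":
    gw = DeviceGateway(secrets.token_bytes(32))
    device_secret = gw.register("tablet-01", "alice")     # constructed sample values
    tok = gw.authenticate("tablet-01", device_secret)
    print("claims:", gw.verify(tok))
    gw.blacklist("tablet-01")
    print("after blacklist:", gw.verify(tok))
```

Because `verify` consults the blacklist on every request, retiring a device takes effect immediately rather than when its token expires.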

 

 

· Application Access Management – The above two architectures explain how Oracle API Gateway (OAG) manages and performs user and device authentication. Oracle API Gateway is the policy enforcement point for mobile devices in the same way that WebGates are policy enforcement points for Oracle Access Management. However, fine-grained authorization can’t be overlooked.

 

The classical approach to programming embedded the authorization logic within the application itself, making the management and extension of application security cumbersome. It can also lead to failure against audit and compliance requirements to certify who has what access and at what level. This may not be acceptable in today’s world of increased scrutiny of applications and their access.

 

Fortunately, Oracle Entitlement Server (OES) comes to the rescue and serves as a central policy decision/definition point where all applications can externalize authorization rules. When used with OAG, the authorization policies set by OES are enforced. In addition, the combination can also redact data elements based on the various roles of users accessing applications through mobile devices.

 

The figure below will be able to help you understand the concepts better.
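The split described in this Application Access Management section, with rules held in a central decision point, enforced at the gateway, and response fields redacted by role, can be sketched as follows. This is an added example, not part of the original post and not Oracle Entitlement Server or Oracle API Gateway code; the rule format, class names, roles and sample record are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy: authorization rules kept as data, outside any application.
POLICY = [
    {"role": "support_agent", "resource": "customer", "action": "read",
     "fields": {"id", "name", "email"}, "registered_device_only": False},
    {"role": "account_manager", "resource": "customer", "action": "read",
     "fields": {"id", "name", "email", "credit_limit"}, "registered_device_only": True},
]

# Constructed backend data; "tax_id" is released by no rule, so it never leaves the gateway.
SAMPLE_RECORDS = {
    ("customer", "c-1001"): {
        "id": "c-1001", "name": "Dana Example", "email": "dana@example.test",
        "credit_limit": 25000, "tax_id": "000-00-0000",
    },
}


@dataclass(frozen=True)
class Decision:
    permit: bool
    fields: frozenset
    matched_roles: tuple


class PolicyDecisionPoint:
    """Central decision point: default deny, fields are the union over matching rules."""

    def __init__(self, rules):
        self._rules = list(rules)

    def decide(self, roles, resource, action, device_registered):
        fields, matched = set(), set()
        for rule in self._rules:
            if rule["role"] not in roles:
                continue
            if (rule["resource"], rule["action"]) != (resource, action):
                continue
            if rule["registered_device_only"] and not device_registered:
                continue
            fields |= rule["fields"]
            matched.add(rule["role"])
        return Decision(bool(matched), frozenset(fields), tuple(sorted(matched)))


class RecordStore:
    """Stand-in for the application behind the gateway; counts how often it is reached."""

    def __init__(self, records):
        self._records = records
        self.calls = 0

    def get(self, resource, key):
        self.calls += 1
        return self._records.get((resource, key))


class GatewayEnforcementPoint:
    """Enforcement point: asks the PDP, blocks denied calls, redacts permitted ones."""

    def __init__(self, pdp, store):
        self._pdp = pdp
        self._store = store
        self.audit = []    # who asked for what, and what was decided

    def handle(self, user, roles, device_registered, resource, action, key):
        decision = self._pdp.decide(roles, resource, action, device_registered)
        self.audit.append({
            "user": user, "resource": resource, "action": action, "key": key,
            "permit": decision.permit, "roles": decision.matched_roles,
        })
        if not decision.permit:
            return 403, None               # denied requests never reach the backend
        record = self._store.get(resource, key)
        if record is None:
            return 404, None
        redacted = {k: v for k, v in record.items() if k in decision.fields}
        return 200, redacted


if __name__ == "__main__":
    pep = GatewayEnforcementPoint(PolicyDecisionPoint(POLICY), RecordStore(SAMPLE_RECORDS))
    print(pep.handle("bob", {"support_agent"}, False, "customer", "read", "c-1001"))
    print(pep.handle("carol", {"account_manager"}, False, "customer", "read", "c-1001"))
    print(pep.handle("carol", {"account_manager"}, True, "customer", "read", "c-1001"))
```

The audit list is what makes the "who has what access and at what level" question answerable from one place instead of from each application's own code.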

 

 

 

· API Management – Enterprises today have applications that expose web services primarily meant for either intranet use or exchanging information with business-partner applications. That paradigm has shifted with the proliferation of mobile devices being on-boarded and the need to access the respective applications on these devices. Mobile devices may not be able to consume the exposed web services as efficiently, and thus require enterprises either to adopt strategies to re-write or extend those web services for such use cases, or to rely on Oracle API Gateway (OAG) features and functionalities.

 

OAG provides functionalities that spare enterprises these efforts by performing content transformation on the fly in order to make it adaptable for mobile device use. Oracle API Gateway provides a controlled connection between APIs and the applications that expose them. OAG also provides access-related metrics for any APIs managed by it. In a well laid-out architecture and implementation of OAG, enterprises can expose these services confidently with additional benefits such as Threat protection and XML Acceleration while having the same performance levels, and exceptional reporting and analytics capabilities across all services.

 

In all, mobile devices have evolved to better suit the needs of consumers but at the same time have traded off their security to ensure usability. These trade-offs increasingly contribute to security risks when such devices connect to enterprise resources.

 

The security risks should be addressed in an effective manner to protect precious company resources and comply with increasingly strict regulations. Mobile Access management solution using Oracle API Gateway technology unifies enterprise resources and cloud-based resources across network boundaries to mobile devices. This solution assures enhanced security, regulatory compliance, improved governance, and increased productivity. 

 

Webinar

 

For more information on registering for our upcoming joint webinar with guest presenters Arun Mehta from AmerIndia and Sid Mishra from Oracle Corporation, please go to http://www.amerindia.net/webinars.php. Here you will be able to pre-register for this event, where we will discuss the changing face of mobile devices in today’s work environment and the risks associated with this upcoming trend. In addition, solutions available to address such risks will be described, while also highlighting solutions specific to different types of organization.

 

Author

 

 

Arun Mehta

Mobile Security Practice Leader

AmerIndia Technologies Inc.

 

Arun Mehta is Principal Solution Architect in Mobile Security, Security Solutions practice at AmerIndia Technologies Inc. In this role, Arun leads a team of specialist technical consultants and architects across North America focusing on Oracle's Security and Identity Management technology. Arun has been in the field of Security for over a decade and has experience across large and complex Identity Management projects in the North America region covering multiple industry verticals. More recently, he has been engaged on a number of projects including enterprise security platforms and mobile access management to help customers enable digital and business transformation initiatives.

  

 

 

AmerIndia Technologies Inc.

AmerIndia Technologies Inc. is a full-service information security consulting firm and an Oracle Gold Partner. We specialize in security assessments, software security, mobile security, identity and access management, cloud identity management, API management, certification, regulatory compliance, and vulnerability management. AmerIndia serves clients throughout the United States.

 

Our expertise and client base spans all major verticals. Customers include Fortune 5000 companies in the financial, technology, healthcare, insurance, education and manufacturing sectors. Because of our wide range of experience and subject matter knowledge, major consulting firms also rely on AmerIndia as a trusted partner.

For more information, visit our website: www.amerindia.net

 

 

Monday Apr 22, 2013

Addressing the Top 5 Cloud Security Challenges

As we talk to organizations around the world, it is clear that most consider Cloud as the biggest opportunity today to reduce cost. To any organization, cloud offers numerous advantages – business agility, reduced operational costs, scalability, improved performance and more. With cloud deployments ranging from private to hybrid to public, the scale of benefits varies but so do the risks.

Going up the cloud continuum from on-premise to private to hybrid and then public cloud, IT’s control and visibility into security policies decreases.

Private clouds give organizations greater control over security and data privacy, compliance, and also quality of service, since private clouds can manage network bandwidth and implement optimizations that public clouds don’t allow. But much like your enterprise, risks arise from privileged access and insider threats. In the public cloud, policies are managed by an outside 3rd party which is the cloud service provider. A shared environment in the public cloud also causes security and compliance concerns. A hybrid cloud, by its very definition, encapsulates both the benefits and the risks of both the private and public clouds.

As we move through the spectrum, security policies get more and more fragmented as we duplicate policy data in multiple places. Consequently, latency also increases and risk increases exponentially. Add to that the compliance and governance issues and it is no wonder that Security continues to be the #1 barrier in cloud adoption. In fact, according to the “Private Cloud Vision vs. Reality”, InformationWeek Report, 2012, 82% of organizations say security and data privacy concerns are one of the main reasons they are phasing out, or have decided to not use, public cloud.

So, where best to focus your efforts so as to leverage cloud without risking security? A recent CSO Online survey of Chief Security officers found that the top 5 security concerns for cloud were all related to mobile data access, regulatory compliance and managing access to the data and the applications i.e., Identity Management.

Organizations that move applications into the cloud have to bridge the gap between the enterprise and the cloud by providing standardized security framework around data security and application access. Take some time to watch this brief screencast and learn how you can manage security risks, address governance issues while unlocking the full potential of the cloud.


Friday Apr 19, 2013

A Recap of Security as a Business Enabler

This week, we talked about how a Security Inside out approach enables organizations to leverage security for their cloud deployments – whether public, hybrid or private. We will continue the conversation on cloud security next week.

Today, we recap our discussion on how Security today is not just about brand and reputation protection but it is actually a business enabler. Here’s a brief screencast with Oracle product marketing director for Security, Naresh Persaud, on how organizations can leverage security today to unlock the business potential from opportunities like cloud, mobile and social.

The key take away – build security within and at the get go but make sure to have a scalable approach to security. Oracle recommends a platform approach to security where security serves as a framework for your entire infrastructure and extends to your application & data in the cloud, or accessed across any device using social or other logins. Access this whitepaper to learn how you can have Identity Management for internet scale built in your IT program.

Feedback? We’d love to hear it. Do send us your comments.

Friday Mar 22, 2013

New Oracle Security Facebook Page Launches

This week we mostly talked about how you can leverage security to unlock potential opportunities and grow your business via social, mobile and cloud. Catch the brief screencast and download the complimentary whitepaper in case you missed those earlier.

And, as we wrap up the week, some good news for Security and IT professionals interested in hearing more from Oracle Security professionals. We’re creating a new community on Facebook for Security professionals worldwide. Via the Oracle Security Facebook page, we’ll share the latest updates on all things Security – discuss industry and Oracle Security news, announce Oracle events, build community thought leadership, share customer success stories, and announce exclusive offers. Most of all, we will look to engage with you so that together we continue to grow the Security community and add value. This page will complement our existing Identity Management Facebook page.

Watch this ~30 second video featuring my colleague, Troy Kitch, as he summarizes the goals of this new page, and connect with us on Facebook by liking the page. See you on Facebook! And wishing you the very best for the weekend!

Monday Mar 18, 2013

Do You Trust Social, Mobile and Cloud?

Over the last decade or so there has been a complete transformation in the way we work and how we consume information. Work is no longer about geography, it is an activity. “Company resources” are not just servers and systems in your server room; these could be in a data center, in the cloud or even the employees’ smart phones, iPads, tablets and more. Users of these “company resources” could be employees with physical badges, vendors, partners or customers connecting through social media channels such as Facebook, Twitter or Pinterest. Work can happen anywhere, via any device, through any network (intranet/social media channels/internet) leveraging company resources.

And why are organizations adopting this “work anywhere, anytime” model? The reasons are plenty - to improve efficiency, bring agility, build user productivity, offer seamless user experience to its customers or to simply establish a trust relationship with the customer. Social, Mobile and Cloud (SoMoClo) together is a business opportunity, a competitive advantage that organizations are seeking. And Security is the lynchpin in this new work order. Without a secure, seamless digital experience, it all falls apart.

With each new experience, the security risk increases. Each channel presents its own security points of failure. How can my company enable social trust as a means of connecting to customers & employees? How do I accommodate dynamic workgroups and teams of people around the globe that need to be part of my value chain? Is the Bring Your Own Device (BYOD) threatening the security of my digital and intellectual property? How can I securely connect mobile devices to my enterprise without compromising security? Are my applications secure enough to be cloud ready?

The security solution, thus, needs to scale and span across all the channels, encompass the growing breadth of both the “company resources” and the user population. The solution needs to provide the foundation (a platform) that feeds uniform security policies and extends identity context to the complete digital experience.

Naresh Persaud, Director, Security and Identity Management at Oracle, discusses the IT transformation driven by SoMoClo and underscores the need for a sound security solution. Catch this brief screencast on Securing the New Digital Experience to learn how the latest advances in Oracle Identity Management and Oracle Fusion Middleware solutions are fueling the transformation that is driving innovation in IT today.

For more information on Oracle Identity Management, visit us or join the conversation on our blog, Facebook page or catch us on Twitter.

Monday Mar 04, 2013

Live Twitter Chat on Mobile IDM - Get Heard!

You are invited! If you have something to say on Mobile Security and Identity Management, if you have questions on the security requirements to support mobile, if you have experience with mobile security, if you have been following the developments (the debates and discussions) on this topic, you are invited to participate in the live twitter conversation on Mobile Identity Management. Amit Jasuja, the Senior Vice President at Oracle will kick-off the discussion on @OracleIDM on Thursday, March 7th at 9 am Pacific/ 12 pm Eastern, and we hope to hear from you and the rest of the IDM twitterverse.

The live twitter chat will run 45 minutes and we look to have a meaningful conversation on the current challenges, existing solutions, potential deficiencies in the solutions, industry's task list, expected outcomes, and more if time permits. So, if you have a twitter handle, we encourage you to participate in the live discussion. Join or simply follow along using hashtag: #mobileidm.

And, if you have questions in mind, simply send those to us @OracleIDM and we will do our best to include or have those addressed by the IDM community.

So, mark your calendar:

Live Tweet Chat

Topic: Mobile IDM
Date: Thursday, March 7th (this week!)
Time: 9 am Pacific/ 12 pm Eastern
Hashtag: #MobileIDM
Host: Amit Jasuja, SVP, Oracle on @OracleIDM

Much like the last twitter chat, we will archive and post the discussion shortly after the live event. Talk to you soon!


Thursday Feb 07, 2013

Richard III – Authentication Gets Shakespearean

With the recent discovery of Richard III in a Leicester parking lot, we realize that authenticating an individual is as important as authenticating a king. Your identity is king.

The recent twitter #authchat provides a good survey of authentication techniques. Authenticating Richard required many of the same identity management techniques we use in software. Here are a few observations:

Biometrics

DNA evidence from two related descendants was critical in verifying the identity of the king. The same is true for the way we authenticate today. While we may use finger print readers on our laptops and in our data centers, we still rely on additional factors of authentication beyond biometrics. From the description of the battle of Bosworth, many thumbs and fingers were most likely misplaced – lots of parts everywhere. If Richard were alive today, he would have commanded, “my kingdom for a thumb!” If the researchers had tested DNA from the wrong thumb, the results would have been wrong. Biometrics are only a piece of the puzzle.

Third Party Verification

The research team had to find a descendant to verify the DNA of Richard III. DNA, like a certificate, on its own is not enough to prove who you are.  A third party has to vouch for the fact that the information is correct. We may think we are advanced because we can make an instant SAML request to an identity provider to log into our 401K plan or download a ringtone, but it is perhaps more amazing that the team found an identity provider (Richard's descendant nephew) across 500+ years of the family tree, in a country thousands of miles away.

Context Aware

Finding the king and verifying the identity were almost equally challenging tasks. The location information from history played a role. In addition, the context of the injuries and the battle description were all indicators that helped to confirm the identity. Other factors including radio carbon dating and food consumption patterns were all part of the context used in the formula. Today, with many users with different roles accessing our systems, adaptive access and context aware security are used to complement authentication. Now, we may be a long way from using food consumption patterns to authenticate a user on a banking website, but I would not rule it out. It gives validity to the claim “you are what you eat.”

The key is that no single form of authentication is sufficient in all circumstances. Context helps to provide ongoing assurance that we are dealing with the correct user. It turns out Richard III was not the tyrant he is remembered as, but perhaps just the victim of identity fraud. Congrats to the research team – truly a remarkable accomplishment, and the discovery demonstrates that “the king’s name is [still] a tower of strength” (Shakespeare, Richard III), especially given the amount of media exposure.

Monday Jan 28, 2013

Partner Blog Series: aurionPro SENA- Who Moved My Security Boundary? Part 4

IDM as a Business Enabler

By: Mike Nelsey

In this series we have reflected on the evolution of life and work practices that have brought about a demand for business to deliver services to its target audience – employees, partners or true consumers – in a new way, one that has led to a change in where our security boundaries are situated. With this comes a significant improvement in customer satisfaction, a reduction in cost of delivery and consequently an opportunity for business to drive up retention rates with services that fit people’s lives and suit the new fluid business environments.

This is no longer about enormous developments of unwieldy proprietary environments, it’s about delivery of solutions using COTS and blending this to streamline process, improve security and change delivery modes for information.  And, fundamentally, beyond the speed of business change.

Organizations cannot retain a reliance on consumers’, employees’ and partners’ apathy-cum-acceptance of average or satisfactory service in the belief that they therefore have a sustainable business model.  Whether we are talking about Public or Commercial Sector organizations, those to whom we deliver a service feel more empowered to make a choice.  Our competitors, with better service delivery will help them in this.

So, removing the barriers, acknowledging that too much process or too much security can be worse than too little, and doing so by focusing on identities as the core target for delivery is the way forward.  

One of our consultants jovially referred to it as “Breaking down the office walls” and that is not a bad place to start.

I remember when a mobile phone simply made and received calls, cost the price of a small house and was only used by the very privileged! Since then mobile technology has made significant advances, with advanced technology available in ever smaller and cheaper packages. Mobile devices are now used by the masses, an integral part of modern life and probably here to stay – well, at least until the next leap to embedding devices inside people. When leaving the house it would appear that checking you have your mobile device is as important as checking you have your keys to secure your house and your wallet for the items you wish to purchase.

A smart mobile device not only allows us to make and receive voice calls but extends the scope of communication by allowing us to send and receive information. This information could be of a personal and/or business nature. Users are now pushing to use their own mobile devices to access business information as this limits the number of mobile devices they have to manage. It also gives them the user experience that they prefer and a degree of freedom of expression. As a result, mobile business users or consumers of information require access anytime, anywhere on any device. This is forcing companies to rapidly adopt a BYOD policy to protect their information.

Allowing users to access information anytime, anywhere on any device does have business advantages, as users can execute tasks outside of the traditional office hours. However, the company still needs to maintain a level of security and audit data. Users who are using their own mobile devices have neither a vested interest in nor detailed knowledge of strong security, and thus may inadvertently weaken the traditional security boundaries and compromise the integrity of the information the company holds.

What is the solution? How do you allow users to BYOD while still maintaining an adequate level of security and give the users good experience?

Let’s consider an example.

A customer raises a support call from an office located in Australia.  The supplier’s support desk is based in the UK and closed when the ticket is raised; however a reply is still required.  The support system sends a notification to the support engineer’s personal mobile phone informing them that a ticket has been raised.  The engineer has the company support application installed on their mobile device – an application which is protected by Oracle Mobile Application.  Before the engineer is allowed to access the information they are forced to authenticate, one of the options being to use their social network credentials for convenience.  Since they have only authenticated with their social credentials the access policy on the support application only allows the engineer to view the status of the support ticket and a brief synopsis.

Based on the limited information provided, the engineer deems that an urgent reply is required and therefore loads the cloud-based company roster application on their mobile device to determine which engineer is on call for this customer. This application is also protected by Oracle Mobile Application. Because the engineer has previously authenticated, they are provided with Single Sign-On between the two applications as defined in the security policy. Having determined the on-call personnel, the engineer now needs to send an email to them using the company email application. This is also protected by Oracle Mobile Application. Because email has a higher security value, the security policy does not allow the engineer to use their social credentials to authenticate. Therefore they are forced to re-authenticate using their company-issued credentials.

Are all mobile devices permitted to access the company resources? Suppose the engineer gets a great bonus this month and buys a new mobile device which is not supported by the company’s BYOD policy. Integrating Oracle Identity Management with Oracle Adaptive Access Management provides device fingerprinting. This allows unrecognized or unapproved mobile devices to be blocked from accessing company resources.
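The access decisions in this scenario can be written down as a small policy table and one evaluation function. The following Python sketch is an added example, not code from Oracle or aurionPro SENA; the level names, policy table, scope names and device fingerprints are all hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import NamedTuple, Optional, Tuple


class AuthLevel(IntEnum):
    NONE = 0
    SOCIAL = 1       # social network login (convenient, lower assurance)
    CORPORATE = 2    # company-issued credentials


class AppPolicy(NamedTuple):
    full: AuthLevel                          # level needed for unrestricted use
    limited: Optional[AuthLevel] = None      # lower level that grants a restricted view
    limited_scopes: Tuple[str, ...] = ()


class Decision(NamedTuple):
    outcome: str                             # allow | allow_limited | step_up | deny
    scopes: Tuple[str, ...] = ()
    required: Optional[AuthLevel] = None     # set when outcome == "step_up"


# Hypothetical policy table mirroring the three applications in the scenario.
POLICIES = {
    "support": AppPolicy(full=AuthLevel.CORPORATE, limited=AuthLevel.SOCIAL,
                         limited_scopes=("ticket_status", "ticket_synopsis")),
    "roster": AppPolicy(full=AuthLevel.SOCIAL),
    "email": AppPolicy(full=AuthLevel.CORPORATE),
}

# Constructed fingerprints of devices approved under the BYOD policy.
APPROVED_DEVICES = {"fp-phone-approved-01"}


@dataclass
class Session:
    """One SSO session, shared by every protected app on the device."""
    user: str
    device_fingerprint: str
    level: AuthLevel = AuthLevel.NONE

    def authenticate(self, level: AuthLevel) -> None:
        # A stronger login raises the session level; a weaker one never lowers it.
        self.level = max(self.level, level)


def evaluate(session: Session, app: str) -> Decision:
    """Decide access for one app request, failing closed on anything unknown."""
    if session.device_fingerprint not in APPROVED_DEVICES:
        return Decision("deny")              # device check comes before credentials
    policy = POLICIES.get(app)
    if policy is None:
        return Decision("deny")              # unknown application
    if session.level >= policy.full:
        return Decision("allow", scopes=("*",))
    if policy.limited is not None and session.level >= policy.limited:
        return Decision("allow_limited", scopes=policy.limited_scopes)
    # Ask for the weakest login that would grant any access.
    needed = policy.limited if policy.limited is not None else policy.full
    return Decision("step_up", required=needed)


def run_scenario():
    """Replay the engineer's evening as a list of (step, Decision)."""
    s = Session("engineer", "fp-phone-approved-01")
    steps = [("support before login", evaluate(s, "support"))]
    s.authenticate(AuthLevel.SOCIAL)
    steps.append(("support, social login", evaluate(s, "support")))
    steps.append(("roster via SSO", evaluate(s, "roster")))
    steps.append(("email, social login", evaluate(s, "email")))
    s.authenticate(AuthLevel.CORPORATE)
    steps.append(("email, corporate login", evaluate(s, "email")))
    new_phone = Session("engineer", "fp-phone-new-99", AuthLevel.CORPORATE)
    steps.append(("email, unapproved device", evaluate(new_phone, "email")))
    return steps


if __name__ == "__main__":
    for step, decision in run_scenario():
        print(f"{step:28} -> {decision.outcome} {decision.scopes or ''}")
```

Because the device check runs first, the new phone is refused even though the session carries corporate-level credentials.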

In summary, the modern office working hours are very flexible; gone are the days of users accessing information only while they are in the office, using the company network and/or mainframe-style devices. All organizations are going through the same evolution, and thus they demand of us the same flexibility that their employees demand of them. Employees expect choice and flexibility in working hours and working methods – providing this does have a cost, but it helps to attract and retain the best in talent and thus is a trade-off which can be justified. As businesses expand over multiple continents, users need access to information 24 hours a day, 365 days per year in disparate locations.

In the same way, consumers expect to be able to engage whenever it suits them.  We need to be able to respond rapidly to changing market requirements – scaling up rapidly, using the cloud, deploying new functionality – whilst at all times retaining appropriate security levels and providing an exceptional customer experience.  Those who support this by adopting social media and cloud-based identity and access models will gain competitive advantage and be able to reach consumers like never before.

Business must embrace the change in both the organizational and consumer spheres and deploy the correct technology or they will suffer in the “always plugged-in world”.

This brings the last of the series to a close.

Despite the noise we’re creating, this is not a revolutionary-big bang approach.  An old friend always talks about sprucing up a house by tidying up the doors and windows.  Service improvement is just this.  Small visible steps based upon a thought through strategy delivering against a roadmap that has business buy in and takes account of where we are and where we want to be.  With the focus on our target populations.  Identity and access management delivering for your organization.

For more information on any of the topics we have discussed in this blog series or to request a copy of the ‘Who Moved My Security Boundary?’ brochure please email ukinfo@aurionprosena.com  or to view an electronic copy please click here.

About the Author:

Mike Nelsey, Managing Director, aurionPro SENA

Working in the IT industry since the early 90’s, Mike leads the aurionProSENA European operation. Mike has been involved in identity and access management since 1999 when the company won its first framework agreement with UK policing for web access control.  Since then he has overseen the company’s strategy moving into a focused delivery model working closely with Oracle to provide a true stack offering covering consult, design, build and support.


Wednesday Jan 16, 2013

Centrica Slashes Annual Helpdesk Costs with Oracle Identity Management

The Company:

Centrica plc is an integrated energy company operating in seven countries, including the United Kingdom and the United States. A top 30 FTSE 100 company, the organization secures and supplies electricity and gas for 30 million consumer and business customers.

Business Challenges:

  • Implement an enterprise-level single sign-on solution that the company can use initially for self-service access to HR and payroll applications, with the ability to roll out to additional applications in future
  • Provide 45,000 internal and external users―including employees and gas and electricity partner organizations―with secure application access
  • Reduce the number, and associated costs, of password and log-in related helpdesk calls

Solution:

Centrica worked with Oracle partner aurionPro SENA to implement Oracle Identity Federation, part of Oracle’s comprehensive Oracle Access Management solution, within six months to enable secure access for employees and partner organizations. As part of its Identity and Access Management program, Centrica brought its human resources (HR) applications in-house and implemented employee and manager self-service for 45,000 users.

The implementation of Oracle Identity Federation has enabled Centrica to significantly reduce helpdesk overhead and provide streamlined access for both its employees and partners. The company leveraged Oracle Identity Management to enable single sign-on for the Web-based, self-service HR application across different domains, using industry best practice SAML2 authentication. aurionPro SENA worked with Centrica to finalize the design and provided on-site consultation throughout the implementation.

For more information on Centrica’s implementation, check out the case study.

Thursday Jan 10, 2013

Partner Blog Series: Deloitte Talks Part 2: BYOD - An Emerging technology Concept

There’s an accelerating trend in the workplace raising new challenges for today’s CIO: the bring your own device (BYOD) revolution. The use and acceptance of mobile devices in the workplace is a critical issue that many chief executives are considering for their corporate environment. A BYOD strategy enables an employee to use a single device with the flexibility and usability they prefer, while providing access to both their personal and business applications and data. There are also potential cost savings for the enterprise as the employee may bear the cost of the device and the ongoing mobile access plan. An enterprise should consider the extent to which BYOD will be embraced, and the challenges BYOD presents as a part of an enterprise’s overall mobile security management strategy.

Before embarking on this journey, an organization should first decide – why BYOD? Does the increased user productivity and availability of data outweigh the risk and the associated mitigation expense? There are risks introduced at the device, application and infrastructure levels that present new challenges. These challenges may vary from compliance issues, to data leaks, to malware, and they will likely only intensify as mobile devices and operating systems proliferate. Another option is for the employer to provide employees with a mobile device, hoping to enhance their productivity and ability to support the organization remotely. The illustrative chart below depicts some of the Pros and Cons of an employer providing corporate mobile devices versus letting employees use their own mobile phones and tablets.

Benefits/Obstacles: Bring Your Own vs. Corporate Provided

Pros (Bring Your Own):

  • Device and connectivity costs incurred by employee
  • Addresses increased demand of employees to connect personal devices to corporate networks

Pros (Corporate Provided):

  • Tighter device oversight and control
  • Streamlining devices, platforms and OSes simplifies IT support
  • Service fees negotiated with service providers; increased purchasing power

Cons (Bring Your Own):

  • Limited device oversight and control
  • Increased challenges with enforcing legal and regulatory requirements
  • Device and data ownership questions

Cons (Corporate Provided):

  • Cost of providing devices
  • High employee demand for broader diversity in devices can lead to lower satisfaction and adoption
  • May require potential increase in IT support staffing and skill set requirements
  • Privacy considerations with monitoring of employee usage and activity, etc.

As an organization gains an understanding of the key risks that may affect the business, the next step is determining and defining the approach to a secure BYOD solution deployment. One of the primary risks of mobile devices to the enterprise is the security of data that is stored on the devices. Corporate email, financial and marketing data and any other sensitive data may leak out of the organization if the device is not encrypted and adequately protected.

Another point to consider is how the organization might prevent rogue mobile devices from accessing the network. What will prevent users from bringing in their own unpatched/unapproved devices into the environment? Network Access Control (NAC) solutions may help to solve this issue. These solutions have become a popular way to manage the risk of employee owned devices. NAC allows organizations to control which devices can access each level of the organization’s internal network. For example, NAC can limit how a device can connect to the network, what it can access, prevent downloading and potentially prohibit a device from connecting at all. A “health-check” that inspects for required security configurations and controls can be performed before allowing a device to connect to the network to keep the network safe from viruses and malware that could be on an employee owned mobile device. If a “health-check” is not performed before the device is allowed on the network, the scenario described below could occur:


When determining the desired approach, it is critical for an organization to understand the specific use cases and incorporate key business drivers and objectives. This will allow the enterprise to determine whether the primary objectives of its BYOD program, from a mobile security perspective, are device-centric, data-centric or a combination of both.

Device Centric:

  • Mobile device management (MDM)
  • Strict device policy enforcement
  • Local data encryption

Data Centric:

  • Minimal device data footprint
  • Communications encryption
  • Virtualization

A device-centric approach focuses on the mobile device and associated security controls. This approach is typically centered on how the devices are managed, how policies are enforced, data encryption on the local device and solutions such as secure containers. Some key considerations supporting this approach include:

  • MDM software secures, monitors, manages and supports corporate-owned and employee-owned mobile devices deployed across an enterprise
  • Policy enforcement supports permissible/non-permissible devices, considers factors such as who can connect to the network (user types, etc.)

A data-centric approach focuses on the data stored or processed by the mobile device and how it is secured and transmitted. This approach considers how the data is managed on the devices, transmission security, virtualization and data integrity. Some key considerations are:

  • Minimizing local data storage on the device reduces the risk associated with device loss or theft
  • Securing the transmission of the data from the mobile device to internal/external servers, applications, or other devices is critical
  • Virtualization is an important technology/solution to consider in a data centric approach: virtual desktops accessible from the mobile device or data stored in virtual/cloud environments are critical elements to evaluate
  • Accessing corporate data from mobile devices introduces the need for data integrity controls

For a solid BYOD approach, not only are well defined policies and standards critical, but the technology that enforces this governance should be in place to help ensure that the standards are adhered to. Many organizations may have well defined and communicated policies, but enforcing these restrictions on their users may be a daunting task without the appropriate technology and security framework. To facilitate this approach, mobile security requirements should be defined. A gap analysis should be conducted comparing current state capabilities to the desired state. Next, an overall mobile security operations framework should be developed and the operational processes to support this framework need to be defined. If the mobile security framework is planned appropriately to support a BYOD program and the risks are mitigated throughout the lifecycle, enterprises may see increased user productivity and satisfaction.

About the Writer:

Tim Sanouvong is a Senior Manager in Deloitte & Touche LLP’s Security & Privacy practice with 13 years of experience in the information security area. He specializes in leading large security projects spanning areas such as security strategy and governance, mobile security, and identity and access management. He has consulted for several clients across diverse industries such as financial services, retail, healthcare, state government, and aerospace and defense.

This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this document.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see
www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2013 Deloitte Development LLC. All rights reserved.
Member of Deloitte Touche Tohmatsu Limited

Tuesday Nov 20, 2012

Oracle on Oracle: Is that all?

On October 17th, I posted a short blog and a podcast interview with Chirag Andani, talking about how Oracle IT uses its own IDM products. Blog link here.


In response, I received a comment from reader Jaime Cardoso (jaimec@jaimec.pt) who posted:

“- You could have talked about how by deploying Oracle's Open standards base technology you were able to integrate any new system in your infrastructure in days.

- You could have talked about how by deploying federation you were enabling the business side to keep all their options open in terms of companies to buy and sell while maintaining perfect employee and customer's single view.

- You could have talked about how you are now able to cut response times to your audit and security teams into 1/10th of your former times

Instead you spent 6 minutes talking about single sign on and self provisioning? If I didn't know your IDM offer so well I would now be wondering what its differences from Microsoft's offer were.

Sorry for not giving a positive comment here but, please your IDM suite is very good and, you simply aren't promoting it well enough”

So I decided to send Jaime a note asking him about his experience, and to get his perspective on what makes the Oracle products great. What I found out is that Jaime is a very experienced IDM Architect with several major projects under his belt.

Darin Pendergraft: Can you tell me a bit about your experience? How long have you worked in IT, and what is your IDM experience?

Jaime Cardoso: I started working in "serious" IT in 1998 when I became Netscape's technical specialist in Portugal. Netscape Portugal didn't exist so, I was working for their VAR here. Most of my work at the time was with Netscape's mail server and LDAP server.

Since that time I've been bouncing between the system's side like Sun resellers, Solaris stuff and even worked with Sun's Engineering in the making of a Hierarchical Storage Product (Sun CIS if you know it) and the application's side, mostly in LDAP and IDM.

Over the years I've been doing support, service delivery and pre-sales / architecture design of IDM solutions in most big customers in Portugal, to name a few projects:

- The first European deployment of Sun Access Manager (SAPO – Portugal Telecom)

- The identity repository of 5/5 of the Biggest Portuguese banks

- The Portuguese government federation of services project

DP: OK, in your blog response, you mentioned 3 topics:

1. Using Oracle's standards based architecture; (you) were able to integrate any new system in days: can you give an example? What systems, how long did it take, number of apps/users/accounts/roles etc.

JC: It's relatively easy to design a user management strategy for a static environment, or if you simply assume that you're an <insert vendor here> shop and all your systems will bow to that vendor's will. We've all seen that path, the use of proprietary technologies in interoperability solutions but, then reality kicks in. As an ISP I recall that I made the technical decision to use Active Directory as a central authentication system for the entire IT infrastructure. Clients, systems, apps, everything was there.

As a good part of the systems and apps were running on UNIX, then a connector became needed in order to have UNIX boxes to authenticate against AD. And, that strategy worked but, each new machine required the component to be installed, monitoring had to be made for that component and each new app had to be independently certified.

A self care user portal was an ongoing project, AD access assumes the client is inside the domain, something the ISP's customers (and UNIX boxes) weren't nor had any intention of ever being.

When the Windows 2008 rollout was done, Microsoft changed the Active Directory interface. The Windows administrators didn't have enough know-how about directories and the way systems outside the MS world behaved so, on the go live, things weren't properly tested and a general outage followed. Several hours and 1 roll back later, everything was back working.

But, the ISP still had to change all of its applications to work with the new access methods and reset the effort spent on the self service user portal. To keep with the same strategy, they would also have to trust Microsoft not to change interfaces again.

Simply by putting up an Oracle LDAP server in the middle and replicating the user info from the AD into LDAP, most of the problems went away. Even systems for which no AD connector existed had PAM in them so, integration was made at the OS level, fully supported by the OS supplier.

Sun Identity Manager already had a self care portal, combined with a user workflow so, all the clearances had to be given before the account was created or updated.

Adding a new system as a client for these authentication services was simply a new checkbox in the OS installer and, even Tru64 systems were, for the first time, integrated also with 5 minutes of work by a junior system admin.

True, all the Windows clients and MS apps still went to the AD for their authentication needs so, from the start everybody knew that they weren't 100% free of migration pains but, now they had a single point of problems to look at.

If you're looking for numbers:

- 500K directory entries (users)

- 2-300 systems

After the initial setup, I personally integrated about 20 systems / apps against LDAP in 1 day while being watched by the different IT teams. The internal IT staff did the rest.

DP: 2. Using Federation allows the business to keep options open for buying and selling companies, and yet maintain a single view for both employee and customer. What do you mean by this? Can you give an example?

JC: The market is dynamic. The company that's being bought today tomorrow will be sold again. Companies that spread on different markets may see the regulator forcing a sale of part of a company due to monopoly reasons and companies that are in multiple countries have to comply with different legislations.

Our job, as IT architects, while addressing the customers and employees authentication services, is quite hard and, quite contrary. On one hand, we need to give access to all of our employees to the relevant systems, apps and resources and, we already have marketing talking with us trying to find out who's a customer of the bought company but not from ours to address.

On the other hand, we have to do that and keep in mind we may have to break up all that effort and that different countries' legislation may become a problem with a full integration plan.

That's a job for user Federation. You don't want to be the one who's telling your President that he will sell that business unit without its customer's database (making the deal worth a lot less) or that the buyer will take with him a copy of your entire customer's database. Federation enables you to start controlling permissions to users outside of your traditional authentication realm. So what if the people of that company you just bought are keeping their old logins? Do you want, because of that, to have a dedicated system for their expenses reports? And do you want to keep their sales (and pre-sales) people out of the loop in terms of your group's path?

Control the information flow, establish a Federation trust circle and give access to your apps to users that haven't (yet?) been brought into your internal login systems. You can still see your users in a unified view, you obviously control if a user has access to any particular application, either that user is in your local database or stored in a directory on the other side of the world.

DP: 3. Cut response times of audit and security teams to 1/10. Is this a real number? Can you give an example?

JC: No, I don't have any backing for this number.

One of the companies I did system Administration for has a SOX compliance policy in place (I remind you that I live in Portugal so, this definition of SOX may be somewhat different from what you're used to) and, every time the audit team says they'll do another audit, we have to negotiate with them the size of the sample and we spend about 15 man/days gathering all the required info they ask.

I did some work with Sun's Identity auditor and, from what I've been seeing, Oracle's product is even better and, I've seen that most of the information they ask would have been provided in a few hours with the help of this tool. I do stand by what I said here but, to be honest, someone from Identity Auditor team would do a much better job than me explaining this time savings.

Jaime is right: the Oracle IDM products have a lot of business value, and Oracle IT is using them for a lot more than I was able to cover in the short podcast that I posted.

I want to thank Jaime for his comments and perspective. We want these blog posts to be informative and honest – so if you have feedback for the Oracle IDM team on any topic discussed here, please post your comments below.

Wednesday Oct 24, 2012

Oracle at Information Security and Risk Management Conference (ISACA Conferences)

The North America Information Security and Risk Management (ISRM) Conference hosted by ISACA will be held this year from November 14 - 16 in Las Vegas, Nevada and Oracle is a platinum sponsor.

The ISRM / IT GRC event is not only designed to meet the exact needs of information security, governance, compliance and risk management professionals like you, but also gives you the tools you need to solve the issues you currently face. The event builds on and includes the key elements of information security, governance, compliance and risk management practices, and offers a fresh perspective on current and future trends.

As a Platinum Sponsor, Oracle will have an opportunity not only to demonstrate but also to talk through our strategic roadmap and support, so that all organizations understand our key role within the industry in ensuring corporate data and information remains safe.

Join us at the Lunch and Learn to learn more about the latest advances in Oracle Identity Management.

Lunch and Learn Session: Trends in Identity Management
Speaker: Mike Neuenschwander, Senior Product Development Director, Oracle Identity Management
Thursday, November 15, Bermuda A, 11:45 a.m. - 1:00 p.m.

As enterprises embrace mobile and social applications, security and audit have moved into the foreground. The way we work and connect with our customers is changing dramatically, and this means re-thinking how we secure the interaction and enable the experience. Work is an activity, not a place: mobile access enables employees to work from any device, anywhere and anytime. Organizations are utilizing "flash teams": instead of a dedicated group to solve problems, organizations utilize more cross-functional teams. Work is now social: email collaboration will be replaced by dynamic social media style interaction. In this session, we will examine these three secular trends and discuss how organizations can secure the work experience and adapt audit controls to address the "new work order".

We also recommend you bookmark the following session:

T1 Session 301: Gone in 60 Seconds: Mitigating Database Security Risk
Friday, November 16, 8:30 am – 9:30 am

And do be sure to stop by our booths, #100 and #102, not only to network with our Product Development Team, but also to get an onsite demonstration of Oracle Security Solutions.

See you there?


ISRM /  IT GRC
November 14 – 16, 2012
Mirage Casino-Hotel
3400 Las Vegas Boulevard South
Las Vegas, NV, 89109

Wednesday Oct 17, 2012

Oracle on Oracle: How Oracle IT uses Oracle IDM

Sometimes, the toughest customers are your own employees.  Chirag Andani runs the Product Development Security IT Group - which means that his group is responsible for internal Identity Management and Security inside Oracle.

Like a lot of large, global companies, Oracle has a complicated and dynamic IT infrastructure which continues to change as the company grows and acquires companies.

I caught up with Chirag and asked him what kinds of problems his team faces, and asked him what he thinks about Oracle IDM, and 11gR2 in particular.

Listen to the podcast interview here: podcast link and check out his presentation below.


 

Thursday Sep 27, 2012

Chock-full of Identity Customers at Oracle OpenWorld

 

Oracle OpenWorld (OOW) 2012 kicks off this coming Sunday. Oracle OpenWorld is known to bring in Oracle customers, organizations big and small, from all over the world. And Identity Management is no exception.

If you are looking to catch up with Oracle Identity Management customers, hear first-hand about their implementation experiences and discuss industry trends, business drivers, solutions and more at OOW, here are some sessions we recommend you attend:

Monday, October 1, 2012

CON9405: Trends in Identity Management
10:45 a.m. – 11:45 a.m., Moscone West 3003

Subject matter experts from Kaiser Permanente and SuperValu share the stage with Amit Jasuja, Senior Vice President, Oracle Identity Management and Security, to discuss how the latest advances in Identity Management are helping customers address emerging requirements for securely enabling cloud, social and mobile environments.

CON9492: Simplifying your Identity Management Implementation
3:15 p.m. – 4:15 p.m., Moscone West 3008

Implementation experts from British Telecom, Kaiser Permanente and UPMC participate in a panel to discuss best practices, key strategies and lessons learned based on their own experiences. Attendees will hear first-hand what they can do to streamline and simplify their identity management implementation framework for a quick return-on-investment and maximum efficiency.

CON9444: Modernized and Complete Access Management
4:45 p.m. – 5:45 p.m., Moscone West 3008

We have come a long way from the days of web single sign-on addressing the core business requirements. Today, as technology and business evolves, organizations are seeking new capabilities like federation, token services, fine grained authorizations, web fraud prevention and strong authentication. This session will explore the emerging requirements for access management, what a complete solution is like, complemented with real-world customer case studies from ETS, Kaiser Permanente and TURKCELL and product demonstrations.

Tuesday, October 2, 2012

CON9437: Mobile Access Management
10:15 a.m. – 11:15 a.m., Moscone West 3022

With more than 5 billion mobile devices on the planet and an increasing number of users using their own devices to access corporate data and applications, securely extending identity management to mobile devices has become a hot topic. This session will feature Identity Management evangelists from companies like Intuit, NetApp and Toyota to discuss how to extend your existing identity management infrastructure and policies to securely and seamlessly enable mobile user access.

CON9491: Enhancing the End-User Experience with Oracle Identity Governance applications
11:45 a.m. – 12:45 p.m., Moscone West 3008

As organizations seek to encourage more and more user self service, business users are now primary end users for identity management installations.  Join experts from Visa and Oracle as they explore how Oracle Identity Governance solutions deliver complete identity administration and governance solutions with support for emerging requirements like cloud identities and mobile devices.

CON9447: Enabling Access for Hundreds of Millions of Users
1:15 p.m. – 2:15 p.m., Moscone West 3008

Dealing with scale problems? Looking to address identity management requirements with a million or so users in mind? Then take note of Cisco’s implementation. Join this session to hear first-hand how Cisco tackled identity management and scaled their implementation to bolster security and enforce compliance.

CON9465: Next Generation Directory – Oracle Unified Directory
5:00 p.m. – 6:00 p.m., Moscone West 3008

Get the 360 degrees perspective from a solution provider, implementation services partner and the customer in this session to learn how the latest Oracle Unified Directory solutions can help you build a directory infrastructure that is optimized to support cloud, mobile and social networking and yet deliver on scale and performance.

Wednesday, October 3, 2012

CON9494: Sun2Oracle: Identity Management Platform Transformation
11:45 a.m. – 12:45 p.m., Moscone West 3008

Sun customers are actively defining strategies for how they will modernize their identity deployments. Learn how customers like Avea and SuperValu are leveraging their Sun investment, evaluating areas of expansion/improvement and building momentum.

CON9631: Entitlement-centric Access to SOA and Cloud Services
11:45 a.m. – 12:45 p.m., Marriott Marquis, Salon 7

How do you enforce that a junior trader can submit 10 trades/day, with a total value of $5M, if market volatility is low? How can you hide sensitive patient information from clerical workers but make it visible to specialists as long as consent has been given or there is an emergency? How do you externalize such entitlements to allow dynamic changes without having to touch the application code? In this session, Uberether and HerbaLife take the stage with Oracle to demonstrate how you can enforce such entitlements on a service not just within your intranet but also right at the perimeter.

CON3957 - Delivering Secure Wi-Fi on the Tube as an Olympics Legacy from London 2012
11:45 a.m. – 12:45 p.m., Moscone West 3003

In this session, Virgin Media, the U.K.’s first combined provider of broadband, TV, mobile, and home phone services, shares how it is providing free secure Wi-Fi services to the London Underground, using Oracle Virtual Directory and Oracle Entitlements Server, leveraging back-end legacy systems that were never designed to be externalized. As an Olympics 2012 legacy, the Oracle architecture will form a platform to be consumed by other Virgin Media services such as video on demand.

CON9493: Identity Management and the Cloud
1:15 p.m. – 2:15 p.m., Moscone West 3008

Security is the number one barrier to cloud service adoption.  Not so for industry leading companies like SaskTel, ConAgra foods and UPMC. This session will explore how these organizations are using Oracle Identity with cloud services and how some are offering identity management as a cloud service.

CON9624: Real-Time External Authorization for Middleware, Applications, and Databases
3:30 p.m. – 4:30 p.m., Moscone West 3008

As organizations seek to grant access to broader and more diverse user populations, centrally defined and applied authorization policies become critical, both to identify who has access to what and to improve the end user experience.  This session will explore how customers are using attribute and role-based access to achieve these goals.

CON9625: Taking control of WebCenter Security
5:00 p.m. – 6:00 p.m., Moscone West 3008

Many organizations are extending WebCenter in a business to business scenario requiring secure identification and authorization of business partners and their users. Leveraging LADWP’s use case, this session will focus on how customers are leveraging, securing and providing access control to Oracle WebCenter portal and mobile solutions.

Thursday, October 4, 2012

CON9662: Securing Oracle Applications with the Oracle Enterprise Identity Management Platform
2:15 p.m. – 3:15 p.m., Moscone West 3008

Oracle Enterprise Identity Management solutions are designed to secure access and simplify compliance to Oracle Applications.  Whether you are an EBS customer looking to upgrade from Oracle Single Sign-on or a Fusion Application customer seeking to leverage the Identity instance as an enterprise security platform, this session with Qualcomm and Oracle will help you understand how to get the most out of your investment.

And here’s the complete listing of all the Identity Management sessions at Oracle OpenWorld.

Wednesday Sep 26, 2012

Meet and Greet with IDM Executives at Oracle OpenWorld

Oracle’s Identity Management Team

Invites You to

Learn How to Secure The New Digital Experience

Come see how the Oracle Identity Management platform can position your company to take
advantage of the emerging business opportunities.

  • Leverage Social Identities for web authentication
  • Enable customers and employees to interact through their mobile devices
  • Deploy Self Service User Provisioning for quick role changes based on business needs

We look forward to seeing you there!

Wednesday, October 3rd 
3:30-4:30 PM  Meeting
4:30-5:30 PM  Cocktail Reception

Four Seasons Hotel

Yerba Buena Room

757 Market Street
San Francisco, CA 94103
415.633.3000
http://www.fourseasons.com/sanfrancisco/

 

RSVP Now


Wednesday Sep 19, 2012

Security Newsletter – September Edition is Out Now

 

The September issue of Security Inside Out Newsletter is out now. This month’s edition offers a preview of Identity Management and Security events and activities scheduled for Oracle OpenWorld. Oracle OpenWorld (OOW) 2012 will be held in San Francisco from September 30-October 4. Identity Management will have a significant presence at Oracle OpenWorld this year, complete with sessions featuring technology experts, customer panels, implementation specialists, product demonstrations and more. In addition, the latest technologies will be on display at the OOW demogrounds. Hands-on-Labs sessions will allow attendees to do a technology deep dive and train with technology experts.

Executive Edge @ OpenWorld also features the very successful Oracle Chief Security Officer (CSO) Summit. This year’s summit promises to be a great educational and networking forum complete with a contextual agenda and attendance from well known security executives from organizations around the globe.

This month’s edition also does a deep dive on the recently announced Oracle Privileged Account Manager (OPAM). Learn more about the product’s key capabilities, business issues the solution addresses and information on key resources. OPAM is part of Oracle’s complete and integrated Oracle Identity Governance solution set.

And if you haven’t done so yet, we recommend you subscribe to the Security Newsletter to keep up to date on Security news, events and resources.

As always, we look forward to receiving your feedback on the newsletter and what you’d like us to cover in the upcoming editions.

Monday Sep 17, 2012

New in 11gR2: Oracle Optimized System for Oracle Unified Directory (OOS4OUD) Podcast

There are a lot of cool new features in IDM 11gR2 related to new functionality: social log-in capability, mobile application security, and self service access requests, just to name a few.  But what about performance?

In the 11gR2 release we announced the availability of an Optimized System configuration for Unified Directory.  Oracle is very focused on software with matching hardware that is configured and tuned to get the best performance possible.  I caught up with Nick Kloski, Infrastructure Solutions Manager, and asked him to talk me through the new Optimized System for OUD.

Listen to the podcast interview here.

Monday Sep 10, 2012

Focus on Identity Management at Oracle OpenWorld12


Heading to Oracle OpenWorld 2012? Then we have Identity Management and relevant sessions all mapped out for you to help you navigate Oracle OpenWorld. Do make use of the Focus On Identity Management document online or, if you’d like to have a copy handy, use the PDF version instead.

In the meantime, here are the 3 must-attend Identity Management sessions for this year:

  • Trends in Identity Management
    Monday, October 1, at 10:45 a.m., Moscone West L3, room 3003, (session ID# CON9405)
    Led by Amit Jasuja, this session focuses on how the latest release of Oracle Identity Management addresses emerging identity management requirements for mobile, social, and cloud computing. It also explores how existing Oracle Identity Management customers are simplifying implementations and reducing total cost of ownership.
  • Mobile Access Management
    Tuesday, October 2, at 10:15 a.m., Moscone West L3, room 3022, (session ID# CON9437)
    There are now more than 5 billion mobile devices on the planet, including an increasing number of personal devices being used to access corporate data and applications. This session focuses on ways to extend your existing identity management infrastructure and policies to securely and seamlessly enable mobile user access.
  • Evolving Identity Management
    Thursday, October 4, at 12:45 p.m., Moscone West L3, room 3008, (session ID# CON9640)
    Identity management requirements have evolved and are continuing to evolve as organizations seek to secure cloud and mobile access. This session explores emerging requirements and shares best practices for evolving your identity management implementation, including the value of a service-oriented, platform approach.

For a complete listing of all identity management sessions, hands-on labs, and more, see Focus on Identity Management now. See you at OOW12. 

Wednesday Aug 29, 2012

Sun2Oracle: Upgrading from DSEE to the next generation Oracle Unified Directory

OUD is part of Directory Services

Mark your calendars and register to join this webcast featuring Steve Giovanetti from Hub City Media, Albert Wu from UCLA and our own Scott Bonnell as they discuss a directory upgrade project from Sun DSEE to Oracle Unified Directory.

Date: Thursday, September 13, 2012
Time: 10:00 AM Pacific

Join us for this webcast and you will:

  • Learn from one customer that has successfully upgraded to the new platform
  • See what technology and business drivers influenced the upgrade
  • Hear about the benefits of OUD’s elastic scalability and unparalleled performance
  • Get additional information and resources for planning an upgrade

Register Now!

Friday Aug 24, 2012

Oracle Magazine Sept/Oct 2012 - Security on the Move


This month's Oracle Magazine cover story is Security on the Move.  In it, two Oracle IDM customers discuss their impressions of the latest IDM release.  Kurt Lieber from Kaiser Permanente and Peter Boyle from BT discuss how they are using Oracle IDM to enable their business.

Click this link to see the latest issue: http://www.oracle.com/technetwork/issue-archive/2012/12-sep/index.html

In addition to the cover article, the Analyst’s Corner features an interview with Sally Hudson from IDC focusing on IDM issues:

http://www.oracle.com/technetwork/issue-archive/2012/12-sep/o52analyst-1735921.html

And the Partner Perspectives section contains information from our IDM partners Hub City Media, aurionPro SENA, and ICSynergy.


Tuesday Aug 14, 2012

Identity Management at Oracle OpenWorld 2012

Are you registered for Oracle OpenWorld 2012 to be held in San Francisco from September 30 to October 4? Visit the Oracle OpenWorld 2012 site today for registration and more information. And, if you need further convincing, here’s a preview of the planned sessions and forums on Identity Management.

Identity Management General Sessions*

Monday October 1, 2012

| TIME | TITLE | SPEAKER | LOCATION |
| --- | --- | --- | --- |
| 10:45 am – 11:45 am | CON9405: Trends in Identity Management | Amit Jasuja, Senior Vice President, Identity Management and Security, Oracle | Moscone West, L3, Room 3003 |
| 1:45 pm – 2:45 pm | CON9437: Mobile Access Management | Daniel Killmer, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 1:45 pm – 2:45 pm | CON3568: Unified User Provisioning & Management using Oracle Identity Management 11g | Sada Rajagopalan, Solution Architect, Collegeboard | Moscone West, L3, Room 3011 |
| 3:15 pm – 4:15 pm | CON9492: Simplifying your identity management implementation | Viresh Garg, Director, Product Management, Oracle | Moscone West, L3, Room 3008 |
| 4:45 pm – 5:45 pm | CON9444: Modernized and Complete Access Management | Forest Yin, Director, Product Management, Oracle | Moscone West, L3, Room 3008 |

Tuesday October 2, 2012

| TIME | TITLE | SPEAKER | LOCATION |
| --- | --- | --- | --- |
| 11:45 am – 12:45 pm | CON9491: Enhancing End User Experience with Oracle Identity Governance | Sanjay Rallapalli, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 1:15 pm – 2:15 pm | CON9447: Enabling Access for Hundreds of Millions of Users | Vamsi Motukuru, CMTS, Oracle | Moscone West, L3, Room 3008 |
| 5:00 pm – 6:00 pm | CON9465: Next Generation Directory - Oracle Unified Directory | Etienne Remillon, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |

Wednesday October 3, 2012

| TIME | TITLE | SPEAKER | LOCATION |
| --- | --- | --- | --- |
| 10:15 am – 11:15 am | CON9458: Eliminate end-user managed passwords while increasing security with Oracle ESSO | Daniel Killmer, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 11:45 am – 12:45 pm | CON9494: Sun2Oracle: Identity Management platform transformation | Scott Bonnell, Senior Director, Oracle | Moscone West, L3, Room 3003 |
| 11:45 am – 12:45 pm | CON9631: Entitlement-centric access to SOA and cloud services – Development Track | Sreenivasa Chitturi, Senior Software Development Manager, Oracle | Moscone West, L3, Room 3008 |
| 11:45 am – 12:45 pm | CON3957: Delivering secure WiFi on the Tube as an Olympic legacy from London 2012 | Ben Bulpett, Director, Enline plc | TBD |
| 1:15 pm – 2:15 pm | CON9493: Identity Management and the Cloud | Melody Liu, Senior Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 3:30 pm – 4:30 pm | CON9624: Real-time External Authorization for Middleware, Applications and Databases | Sid Mishra, Principal Product Manager, Oracle | Moscone West, L3, Room 3008 |
| 5:00 pm – 6:00 pm | CON9625: Taking Control of Oracle WebCenter Security | Ganesh Kirti, Senior Director, Platform Security, Oracle | Moscone West, L3, Room 3008 |

Thursday October 4, 2012

| TIME | TITLE | SPEAKER | LOCATION |
| --- | --- | --- | --- |
| 11:15 am – 12:15 pm | CON5794: Solutions for Migration of Oracle Waveset to Oracle Identity Manager | Steve Giovannetti, CTO, Hub City Media | Moscone West, L3, Room 3008 |
| 12:45 pm – 1:45 pm | CON9640: Evolving Identity Management | Michael Neuenschwander, Senior Director, Oracle | Moscone West, L3, Room 3008 |
| 2:15 pm – 3:15 pm | CON9662: Securing Oracle Applications with Oracle Enterprise Identity Management Platform | Roger Wigenstam, Senior Director, Oracle | Moscone West, L3, Room 3008 |

* Schedule subject to change

In addition, there are Identity Management hands-on-labs sessions planned, including:

  •  Complete Access Management, and
  •  Integrated Identity Governance

Identity Management executives and experts will also be at hand for discussions and follow ups. And don’t forget to catch live demonstrations of our complete Oracle Identity Management solutions set while at OpenWorld.

Follow the conversation on Oracle OpenWorld 2012 on Twitter with #OOW12 and, as always, engage with us @oracleidm.

We recommend the use of the Schedule Builder tool to plan your visit to the conference and for pre-enrollment in sessions of your interest. You can search identity management sessions using the term “identity management” in the Content Catalog. We hope to see you there!

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
