Thursday May 31, 2012

The Business Case for a Platform Approach

Most customers have assembled a collection of Identity Management products over time, as they have reacted to industry regulations, compliance mandates and security threats, typically selecting best-of-breed products. The resulting infrastructure is a patchwork of systems that has served the short-term IDM goals, but is overly complex, hard to manage and cannot scale to meet the needs of the future social/mobile enterprise.

The solution is to rethink Identity Management as a Platform, rather than individual products. Aberdeen Research has shown that taking a vendor integrated platform approach to Identity Management can reduce cost, make your IT organization more responsive to the needs of a changing business environment, and reduce audit deficiencies. 

View the slide show below to see how companies like Agilent, Cisco, ING Bank and Toyota have all built the business case and embraced the Oracle Identity Management Platform approach.

Tuesday Mar 13, 2012

Identity Management at COLLABORATE 12

 

Getting ready for COLLABORATE 2012? If Security and Identity Management are top of mind for you, then we have some recommendations for you.

Bringing together Oracle Applications and Technology education, COLLABORATE 2012 is a forum designed and delivered by Oracle users. Produced by the three independent user groups, Independent Oracle Users Group (IOUG), Oracle Applications Users Group (OAUG) and Quest International Users Group (Quest), COLLABORATE offers keynotes, deep-dives, workshops and user-driven sessions spanning technology, application and cross solutions. This year the conference is from April 22-26 at Mandalay Bay Convention Center in Las Vegas.
 
Oracle Identity Management solutions enable organizations to secure critical data and applications, efficiently enforce regulatory compliance and reduce operational costs. In addition to our conference sessions, as an added value this year, we are offering a half-day deep dive session on Oracle Identity Management: Building a Security and Compliance Framework for Oracle Systems. The session is scheduled for Sunday, April 22nd from 9 am to 3 pm and will cover relevant topics such as:
• A Primer on Identity Management
• Security and Compliance with Oracle Identity Management
• Security for Oracle Applications, Fusion Applications
• Managing Identities in The Cloud and Mobile World
• Best Practices: Building an Identity Roadmap and Getting Started

To get a head start on your compliance and security program, pre-register for this session today.

The Identity Management sessions are supported by subject matter experts on technology, consulting and implementation so you are sure to get the complete perspective on what it takes to design and implement a successful program to meet your security and compliance objectives.

To find out more about Identity Management at COLLABORATE 12, here’s our recommended roadmap:
1. If you haven’t done so, browse through the COLLABORATE 12 website and register with the user group for information and events most tailored to your needs.
2. Click on “My Show Planner” and enter “Identity Management” in the keyword search box.
3. Pre-register for the sessions by clicking on “Add to Planner”.

 

Look forward to seeing you at COLLABORATE 12 in Las Vegas next month.

Thursday Mar 01, 2012

Platform Approach Series in Asia

The Aberdeen report results are not specific to North America alone - the results were global. Fourteen percent of the participants were companies based in Asia. In addition, the results covered companies of different sizes in terms of annual revenue:

  • 32% Small  < $50M
  • 36% Mid-size  $50M - $1B
  • 32% Large >$1B 

The platform approach series will continue in 16 cities in Asia.

Taipei, March 22nd

Beijing, April 17th  

New Delhi, April 18th

Shanghai, April 19th

Bangalore, April 19th 

Singapore, April 19th

Hanoi, April 19th

Bangkok, April 24th

Chennai, April 24th

Taiwan, April 25th

Mumbai, April 26th  

Jakarta, April 26th

Melbourne, May 1st

Canberra, May 2nd

Sydney, May 3rd  

Kuala Lumpur, May 15th  

Tuesday Feb 07, 2012

Oracle Named a Leader in both User Provisioning and Identity and Access Governance

Oracle Identity Management solutions were positioned in the Leaders quadrants in the two recently published Gartner Magic Quadrant reports. This post is the first in a multi-part blog series, and over the course of the next few weeks, we’ll be covering details on what we believe makes Oracle’s User Provisioning (Identity Administration) solution, Oracle Identity Manager, and our Identity and Access Governance solution, Oracle Identity Analytics, truly unique and industry leading.

Gartner published their first-ever Magic Quadrant for Identity and Access Governance and Oracle is a leader.

Source: Gartner Magic Quadrant for Identity and Access Management, Dec. 15, 2011. Doc ID#223606. Authors: Earl Perkins and Perry Carpenter. Page 3

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available by clicking on the note title. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any of warranties of merchantability or fitness for a particular purpose.

Identity and Access Governance solutions offer business users identity analytics and reports to address governance, audit and compliance challenges. According to Gartner, leaders in Identity and Access Governance (IAG) are “composed of vendors that provide products with a good functional match to client requirements for establishing a governance system for access. These vendors have been successful in building an installed base and revenue stream within the IAG market, and have a relatively high viability rating (because of IAG revenue). Leaders also show evidence of superior vision and execution for anticipated requirements, as they relate to technology, methodology or means of delivery. Leaders typically have significant market share, strong revenue growth, and demonstrated early customer satisfaction with IAG capabilities and/or related service and support.”

Oracle Identity Analytics is an advanced Identity and Access Governance solution from Oracle offering rich analytics, prioritized risk scoring, business-friendly dashboards, and advanced compliance features that monitor, analyze, review, and govern user access to mitigate risk, build transparency and satisfy compliance mandates.

The key challenge we often hear organizations talk about is scaling the compliance processes. Performing access certifications across not a handful but 100s of applications requires not just an automated solution but a powerful (but business friendly) process engine solution powered by analytics to make sense of all the data. To make it a real world discussion rather than a theoretical one, join ING and Oracle on a live webcast:  Scaling Role Management and Access Certification to Thousands of Applications on Wednesday, April 11, 2012 10:00 AM PDT where ING discusses how they successfully tackled the scale challenge.

Close on its heels, Gartner also published its 2011 Magic Quadrant for User Provisioning and Oracle is a Leader.

Source: Gartner Magic Quadrant for User Administration/Provisioning, Dec. 22, 2011. ID# G00219354. Authors: Perry Carpenter and Earl Perkins. Page 4

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available by clicking on the note title. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any of warranties of merchantability or fitness for a particular purpose.

Two things are clear with these reports. Organizations are looking at integrated, platform solutions to meet their audit and compliance needs. A platform approach is the only viable approach to close security and audit gaps, reduce TCO and derive the complete picture. And we believe with Oracle’s positioning in the leaders quadrant for both User Provisioning and Identity and Access Governance, organizations are assured that they are not only getting the complete solution but also best-in-class, backed by a strategic vision and strong executive commitment. Seamless integration with Oracle Identity Manager 11g makes Oracle Identity Analytics 11g the industry's only access governance solution to offer an accurate closed-loop remediation solution with risk feedback calculated over a user’s lifecycle as actionable insight for certification reviews. To get customers’ perspectives on the implementation and results from the platform approach, we recommend you look at our monthly webcast series on the subject:

Customers Talk: Identity as a Platform.

If you are looking at user provisioning and/or compliance solutions, we suggest you start by downloading these analyst reports and our recently issued press release on the subject. For more information on Oracle’s platform approach to Identity Management and to learn more about our best-in-class Identity Management solutions, visit us at www.oracle.com/identity or contact us via our online communities: Facebook, Blog and Twitter.

You may also find the following resources helpful:

Ongoing Webcast Series: Customers Talk: Oracle Identity Management as a Platform

ISACA Webcast: Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics

Customer stories: Tackling Compliance Challenges with Oracle Identity Analytics

What’s New in Oracle Identity Manager 11g

Saturday Jan 21, 2012

Unified Directory: An Interview with Etienne Remillon

Etienne Remillon is the principal Product Manager in charge of Oracle's Unified Directory Server offering. As a veteran directory expert, Etienne was product manager for the Sun IPlanet Directory Server and is now focused on Oracle's next wave of directory innovation. As the web access market has grown, the demands for more scalable authentication and authorization have required greater scale. In this interview Etienne discusses the drivers shaping the directory server market. While many think directory servers are a commodity item, Etienne explains how the demand for write performance and mobile computing are dramatically changing the way we look at directories. Click here to listen to this interview.

As more organizations create mobile application stores and serve more data to consumers and employees, the corporate and extranet directories need to scale to accommodate the increased demand. In addition, with more mobile applications storing location data and personalization data, the fraction of write transactions in a typical environment is increasing. Click here for info on Oracle Unified Directory 11g.

Tuesday Jan 17, 2012

Followup From Webcast: Preventing Fraud in The Cloud

Thanks to all who joined our webcast today on preventing fraud in the cloud. If you missed the webcast, you can catch the on-demand recording here. If Identity in the cloud is of special interest, you can learn more about the topic on another upcoming webcast we will host on January 25th. You can register for the event here. Here is an embedded copy of the slides. In addition, there were a few audience questions during today's webcast and I have captured the answers below.


Q: Thinking of fraud and Identity Management - how can Identity help address this?

A:  In addition to our adaptive access offering which Gail spoke of, there are other things organizations should look at. Organizations should look at Oracle Identity Analytics to provide review of access rights to prevent and detect access that is inappropriate. In addition, organizations should look at automated provisioning to help automatically remediate access violations that are detected.


Q: What cloud based applications does Oracle support today?

A: Today we have connectors that support the big brands: Google, Salesforce, Facebook etc. and we provide the ability to extend our connectors to support OAUTH enabled and standards based access via cloud providers.  Oracle On-demand today deploys the Oracle connectors in house and has the expertise to setup and manage these connectors as well.


Q: How is Oracle's cloud services different or more secure compared to other providers?

A: Oracle is at the forefront of security services. We have been in the business for a number of years. Oracle as a company is security focused. We look at controls across all of the technologies and employ a consistent operational discipline aligned with the ISO framework. We have been PCI compliant for a long time and we process for the federal government.  This provides the highest level of security assurance. 

If you are feeling frustrated with getting access to your cloud applications, you will probably relate to the video below.


Thursday Dec 08, 2011

Video: Funny Thing, Having Too Much Information :)

As we discuss privacy and securing data, most of the conversation is about regulatory compliance and securing corporate assets. In the advertisement for Oracle Entitlements Server below, we explore what happens when access to private personal information is no longer private. Things can get a little out of hand.

If you enjoyed this one, catch the others in the series:

Forget your passwords much

Trouble getting access to the cloud

Audit Eye

Wednesday Dec 07, 2011

Moving Java Forward with Identity API - JSR 351

With the momentum toward cloud, mobile and social, many developers realize that Identity Management is critical to the success of these projects. JSR 351 is a community proposal intended to address how Identity Management fits into the Java standard. Driven by a community of customers and vendors, the API would standardize Identity Management objects used in applications. The specification is targeted for compatibility with Java SE and Java EE beginning with version 6. For a complete timeline and details see the slides. In addition, you can read more about the proposal here.

Sunday Dec 04, 2011

Q & A From Webcast to Asia on Platform vs. Point Solutions

Thanks to all who joined our webcast. Here is a link to the Aberdeen paper discussed during the webcast and below we have documented answers to the Q & A from the webcast. If there are any additional questions don't hesitate to give us a call at 1-800-672-2537.

Q: Based on the Aberdeen findings, what are Oracle’s views and positioning towards the results findings?

A: Oracle has always taken a platform approach to Identity and Access Management. In every release of our solutions we continue to rationalize our architecture to provide greater inter-operability so that a customer can have the flexibility to adopt any of our individual solutions and later adopt complementary products in the stack. The key is that the data across the suite works together. As a reference you can view our end to end solution webcast.

Q: How should a company get started using a platform approach?

A: There is no pre-defined approach to getting started. The platform approach means you can choose the component that addresses your immediate need and later choose other components as your Identity and Access roadmap needs change. If your biggest challenge is audit compliance, then start with Oracle Identity Analytics. If "on-boarding" and "off-boarding" becomes a challenge then adopt Oracle Identity Manager. Regardless of which solution you choose first, the roles, users and workflows across both products will be shared. This simplifies the deployment and solution support. 

Q: Hi, can you please give me an example of a Point Solution? Is AD a Point solution?

A: By point solution we mean solutions that are not part of an overall suite. AD would be an example of a point solution. By platform approach we mean a set of point solutions from a single vendor that inter-operate.

Q: With regards to a platform approach to IAM, specifically which components / solutions are we referring to here that make up "IAM" platform e.g. Identity, web access management, role analytics / management, directory etc...?

A: Here we are referring to several components: Access Management, Administration and Governance, Directory Services, Fine Grained Entitlements  and SOA security   

Q: What are the realistic timelines to implement for bigger organizations ?

A: An organization does not have to deploy all of the products in a platform to gain the benefits. Deploying each product can take a few weeks depending on the number of users and the size of the organization.

Q: Is it possible to automate all the "On-board and Leaver" (Purge or Account Locking capabilities)?

A: It is possible to automate most of this activity. Typically organizations will target the most security sensitive applications first. 

Q: What is the cost difference between Platform based on Point solutions?

A: Based on the results of the Aberdeen survey organizations can save up to 48% when looking at the cost of deploying a combination of point solutions vs a platform based solution. The cost savings is directly related to the cost of integration between point products that are not part of a suite. On a per solution basis there is not much difference in the license cost. The real cost difference is cost of ownership.

Q: To my knowledge IAM has not matured and didn't cater to several of our requirements when we were looking for a solution, what do you think about its evolution in the last 5 years ? 

A: IAM has transformed drastically in the past five years. It would be good to re-examine your requirements with a fresh look at the solutions on the market.

Q: Is single sign-on supported for non-Oracle applications ?

A: Yes, Oracle's Web SSO and Enterprise SSO support single sign-on for many non-Oracle applications. To read more, click here.

Q: Will it support Employee ID and different roles of Oracle and non-Oracle Applications ?

A:  Yes, Oracle Identity Analytics and Oracle Identity Manager both support creating roles for non-Oracle applications. In addition, it can help to active a single id per employee across the organization. To learn more click here.

Q: What kinds of reports are delivered as part of the IAM suite, and how can we automate some of the Audit requirements? If some of the users or hackers intrude, is there any way we can get notifications?

A: There are several different kinds of reports that you will need to address your audit challenges. First, most audits are looking for a report of separated users and verification that these users no longer have access to critical systems. Oracle Identity Manager contains reports out of the box that provide this information. You can learn more about this by clicking here for the resource page on OIM. In addition, you will want to conduct certification reviews of entitlements for critical systems. The certification review reports can be found on Oracle Identity Analytics. You can learn more about OIA by clicking here.

Q: How do we integrate custom strong authentication devices with the Oracle IAM suite?

A: There are many integration points. It would be good to get in touch with an Oracle rep to understand all of the options. You can call us at  1-800-672-2537.

Q: Is there any way we can create separate layers of IAM for Internet Users vs. Intranet Users, but End Users are only Employees? Currently we have a challenge and are not allowing Employees to log in from outside. When I see Internet users, they will access the app via DMZ.

A: This is a common challenge and the answer is yes. In most cases you should be able to utilize a single identity solution instance to manage both your external and internal users.

Thanks for all of the questions.  

Monday Nov 21, 2011

Kuppinger Cole Paper on Entitlements Server

Kuppinger Cole recently released a paper discussing external authorization describing how organizations can "future proof" their enterprise security by deploying Oracle Entitlements Server.  By taking a declarative security approach, security policy can be flexible and distributed across multiple applications consistently. You can get a copy of the report here.

In fact Oracle Entitlements Server is being used in many places to secure data and sensitive business transactions. The paper covers the major  use cases for Entitlements Server as well as Kuppinger Cole's assessment of the market. Here are some additional resources that reinforce the cases discussed in the paper.

To learn more, check out the new Oracle U OES 11g course.

Thursday Nov 03, 2011

2011 Innovation Award Winners - Identity Management

The winners of the 2011 Innovation Awards were announced last month during Oracle OpenWorld. The Award recognizes customers for achieving significant business value through innovative uses of Oracle Fusion Middleware. For Identity Management, that meant deriving and proving exceptional business value, delivering architecture innovation, solving unique challenges and driving industry leadership. With over 20 nominations this year, the panelists had a difficult task ahead of them. One thing was certain though, the winners would be great examples of exceptional use of cutting-edge Identity Management solutions.

This year's winners demonstrated new ways of leveraging cloud and social environments to enhance customer interaction and service levels as well as building business intelligence from IT data to empower business and support management decisions. We congratulate the winners of 2011 Innovation Awards for Identity Management:

ING North America Insurance

Looking to streamline the access certification processes for in-time compliance and manage the complexity of user identity administration, ING North America Insurance implemented Oracle Identity Analytics and Oracle Identity Manager. A combination of detailed planning, close collaboration with Oracle and its implementation partner, and the use of advanced industry solutions allowed ING to achieve its compliance and governance goals. In addition, with business friendly reports and actionable insight, ING's implementation empowered business and offered greater transparency. The team was also able to clearly define, measure and present success metrics to the business.

College Board

With over 50 identity stores and multiple point solutions including some custom technologies, the organization found integrating applications and extending the identity management platform to be complex, time-consuming, costly and unscalable. The approach also left security gaps. To tackle these inefficiencies and unnecessary overhead, College Board started with the implementation of Oracle Identity and Access Management Suite Plus. Not only was the organization looking to seamlessly replace the old, non-standard custom system with a centralized, integrated, standards-based platform, College Board was also looking to leverage social media with the enterprise environment. The innovative integration with Oracle Identity Manager and Oracle Identity Federation allows the organization to reach millions of potential users via social media and offer advanced services to the users using federated login. The use of Oracle Access Manager and Oracle Directory Services enable secure authentication services for College Board's users.

TTNET A.S.

A subsidiary of Turk Telecom, TTNET serves over 6.5 million subscribers across Turkey, providing high technology broadband and other value-added services (VAS). TTNET's VAS are different web applications (each with their own authentication server and user repositories) and technologies coming from 10 different partners. Providing a seamless experience to the customer, thus, became a challenge. Lack of a common authentication platform also left security gaps. With the implementation of Oracle Identity and Access Management Suite Plus, TTNET launched its "Tek Sifre" (One Password) project VAS, providing its subscriber base unified single sign-on with secure and standard authentication and user administration in the background. Now, the customers can use secure single sign-on while the company leverages a standards based user access management and identity administration platform for identity management and compliance, SLA reporting.

ManpowerGroup

Here is a great example of cloud-based Identity-as-a-Service implementation. The company wanted to enforce and streamline user access compliance and automate user provisioning but without having the burden to maintain the infrastructure in-house. So, leveraging Oracle Identity Manager and Oracle Identity Analytics technologies via Simeio Solution's DirectAXS offering, the company was able to achieve its compliance, security and user productivity goals. The implementation benefits included streamlined and automated user provisioning, complete with audit trails and efficient access certification with complete view of user privileges and advanced detection and remediation of ghost accounts.

For information on the winners of the Fusion Middleware Awards for 2011, visit:

http://www.oracle.com/us/corporate/awards/index.html

Wednesday Oct 19, 2011

Identity Management for a Car ?

Most of the conversations I have about Identity Management emphasize regulatory compliance and security risk. At the same time Identity context is also a critical business enabler. The video below shows a futuristic concept of the Toyota Smart Center. In this video, the car is not only transportation but also a personal assistant scheduling errands, assisting with calendar and navigation. In this case the car perhaps even saves a marriage. Toyota really got it right. What you will notice in this video is that the user authentication is very simple and requires very little effort from the end user. Hope you enjoy.




 

Tuesday Oct 04, 2011

Innovation Awards - Identity Management at Oracle OpenWorld on Tuesday

One of the most anticipated events at Oracle OpenWorld for Fusion Middleware customers is the Oracle Fusion Middleware Innovation Awards ceremony. Hundreds of nominations come in every year for various product categories and a panel of judges has the unenviable task of selecting the winners - organizations that demonstrate the most innovative, industry-leading, optimal use of Oracle Fusion Middleware solutions.

Maria Forney, Director, Product Management, Oracle Fusion Middleware, will be hosting this year's ceremony, which takes place today at 11:45 am Pacific in Moscone West, Room 3007 at Oracle OpenWorld. As we honor this year's most impressive customer projects, here's a quick look back at last year's Innovation Award winners for Identity Management.

NetApp

NetApp creates storage systems and software that help customers store, manage, protect, and retain data. NetApp leverages Identity Management to authenticate systems with Oracle Identity Federation, Oracle Access Manager, and Oracle Virtual Directory, as well as provision to SaaS hosted applications. The Identity Management platform and technology allowed NetApp to reduce ETA and helpdesk tickets related to application access.

Schneider National, Inc

Schneider National, Inc. is a premier provider of truckload, logistics and intermodal services. The integrated Identity Management solution has enabled centralized role based access controls with automated request and approvals. Oracle Identity Management has improved user productivity, business processes, and security. Schneider has doubled the number of systems without increasing their administrative staff. Pricewaterhouse Coopers was the implementation partner. Read the press release for more details.

The State University of New York

The State University of New York has 64 colleges and universities that need to share access and information. Oracle Identity Management allows local campuses to manage access to a central system for their faculty and students. Oracle Identity Federation and Oracle Virtual Directory enable access to a central service, which avoids duplications of security/user information in multiple data stores. For more details on their implementation, check out this Oracle Magazine article: Positive Identification.

Telenor

Telenor is the world's 6th largest mobile operator with 184 million mobile subscribers, offering communication services in 14 countries. Telenor deployed Oracle Identity Manager, Oracle Access Manager, and Oracle Identity Federation to automate 64 SOX applications, SSO, and connect to 3rd party external applications. The Oracle Identity Management platform provides a uniform, standard platform to roll out new applications, and has enhanced the end user experience and security. Skyworth TTG was the implementation partner.

We wish the very best to this year's nominees and look forward to hosting an exciting ceremony today. If you are at OpenWorld, don't miss the Identity Management sessions today where you'll hear from numerous end-users and Oracle's own product management experts. Our specialists are also at hand at Identity Management demogrounds to showcase the very latest solutions and to answer any queries that you may have. For a complete listing of today's sessions and more, please take a look at the Focus On Identity Management document.

Saturday Sep 24, 2011

Smuckers Broke Free from IBM Identity - So Can You

Thank you all for joining the webcast. The replay will be available shortly. From the audience questions and feedback I have received, many found the content useful. You can register to view a replay of the webcast on-demand. Smuckers made a decision to go with the Oracle Identity stack to drastically simplify their architecture both from a middleware perspective and to simplify their Identity Management architecture. Reducing the number of agent based provisioning connectors and leveraging the integrated platform from Oracle reduced cost and improved their project.

Many organizations today are in the same position with an IBM Identity Management deployment that has either stalled because of complexity or because IBM's portfolio lacks the integration and solutions to address the changing market needs. From the webcast, Scott pointed out that companies can move directly to the Oracle stack or move incrementally by taking a co-existence approach.

Taking an integrated platform approach can save up to 48%; see the Aberdeen research.

Here is a transcript of the Q & A from the webcast.

Q. Is Oracle ESSO integrated with the Oracle Identity Manager offering?

A. Yes - ESSO is integrated with Oracle Identity Manager and the other components in the Oracle Stack as well. Oracle Identity Manager provides workflow based provisioning, change and de-provisioning to ESSO. In addition, ESSO is integrated with Oracle's Access Management stack for complete single sign on.

Q. Can we co-exist IBM's provisioning with Oracle's provisioning?

A. Yes - there are a number of ways to do this depending on the amount of automation. In some cases the account index in IBM can be imported into Oracle Identity Manager and leveraged directly. Oracle Identity Manager can reconcile the data from each target system. The simplification with the Oracle platform drastically improves the manageability.

Q. Can a customer extend the Identity Platform in Fusion Applications to secure other applications in enterprise?

A. Yes. The Identity components in Fusion Applications are full function and fully extendable. The customer would need to extend the license to cover the additional usage in the enterprise.

Thanks for joining the webcast and we hope you join us again.

Sunday Sep 18, 2011

OOW Session - Manage Database, Solaris and Linux users with Oracle Directory Services

Centralizing and externalizing access control is a trend in Identity management. By centralizing the database and Unix accounts, administrators can divide and conquer with delegated administration and provide a single point of control for data and applications. The CISO and audit group get the benefit of a single point of audit and control. The overall impact to scale and security across the organization is dramatic. Instead of managing multiple instances of Unix systems or database services, administrators can now manage thousands of accounts per administrator. This is particularly urgent for Unix administrators who are still using NIS or NIS+ and need to find an alternative.

Join Mark Wilcox and me for this informative Open World 2011 presentation as we discuss how to centrally manage Oracle database user accounts and credentials, along with Oracle Solaris and Linux user accounts, using Oracle directory services. The session will be held on Thursday, 09:00 AM, Moscone West - room 3022.

For a complete list of Identity Management sessions at Open World 2011, see our Focus On Document.

Tuesday Aug 30, 2011

OOW Session - Achieving Context Aware Security

The DNA of Identity Management has been Authentication, Authorization, Administration and Audit. But to really take a risk-based approach, address the more complex regulatory pressure and still provide ROI, identity management has to become more context aware, provide better analytics and provide increased control. You don't want to miss Vadim Lander, Chief Identity Architect, discussing the next step in the evolution of identity management on Wednesday October 5th at 4:45 in Moscone West.

Who you are depends on the context of your activity. In the enterprise we all wear many hats and do many jobs. This makes it difficult to detect when user behavior is out of the ordinary. An integrated context aware approach is the best solution to balance the need for regulatory compliance and reduce risk.

To become risk aware, Identity Management has to become more context aware and integrated. The latency between Identity pillars creates risk. An integrated platform approach helps restore control by providing context. Join us for this session to understand how Oracle is driving innovation and creating the next generation of Identity Management solutions.

For a complete schedule of Identity Management sessions, see the Identity Management Focus On.

OOW Session - A Directory for Enterprise and the Cloud

Earlier this year, Oracle launched Oracle Unified Directory (OUD). OUD is the next generation directory server aimed at providing the scale and performance needed to build mobile applications and cloud applications. In general the landscape for directory services is changing. If you are creating applications that require high scale authentication you won't want to miss this session on Tuesday October 4th at 4pm in Moscone West.

  • Increased demand for write operations - Today mobile applications are storing more personalization data and more location data. This is driving a greater demand for write operations. Approximately 40% of the operations are writes as opposed to 10 years ago when the write operations to the directory were approximately 20-30%. OUD provides 3x the performance on read operations when compared to ODSEE.
  • Increased speed of read operations - despite the increase in demand for write operations, the need for high speed read operations has not diminished. OUD provides a 5x performance enhancement on write operations.

Oracle Unified Directory is part of the Oracle Directory Services Suite Plus and is an interoperable and integrated part of the directory services suite. For a full schedule of Identity Management sessions, see the Identity Focus On. You can view the launch webcast on demand.

OOW Session - Access to Oracle Applications

Oracle Applications contain mission critical business data. Securing access to Oracle Application data is critical for regulatory compliance and protecting the reputation of the business. Access to data and business transactions is constantly changing. Administrators need to have a central point of control to manage access policy across all Oracle applications. If you are an Oracle Applications customer, you won't want to miss this session on Monday October 3rd in Moscone West. In addition to the session, there will be two hands-on labs discussing Identity Management for Oracle E-business applications.

  • Thursday Oct 4, 10:15 - Securing Oracle Applications with Oracle Identity Management - Marriott Marquis Salon 1/2
  • Thursday Oct 6, 3:00 - Securing Oracle Applications with Oracle Identity Management - Marriott Marquis Salon 1/2

Oracle's Access Management provides a comprehensive solution to centralize access control policy for customers using Oracle Applications and customers planning to adopt Fusion Applications. As organizations deploy Fusion Applications, many are choosing to deploy in a SaaS environment. Using Oracle Access Management, users can use a single password to access their enterprise applications and cloud applications.

Whether the applications are in a public cloud or private cloud, Oracle Access Management can provide single sign-on to reduce user frustration and improve security. As a reference, read our white paper on Oracle Identity Management for E-business. To learn more about Oracle Identity Management for Fusion Applications, read the white paper describing how Access Management is integrated into Fusion Applications.

For a schedule of Identity Management sessions, see the Identity Focus On Document.

Thursday Aug 11, 2011

Getting IT Right with an End-to-End Access Control - Q&A Follow-Up

Thanks to all who joined us on last week’s webcast on “Getting IT Right with an End-to-End Access Control Strategy”. Identity Management is about User Authentication, Authorization, Administration and Audit (the 4 A’s of Identity Management). But it doesn’t end with task automation. Identity Management needs to be smart (read: intelligent). It needs to ANALYZE the circumstances, understand the CONTEXT and CONTROL or manage the user interaction with the enterprise resources. Marc Boroditsky, Vice President, Oracle Identity Management, did a great job in explaining how end-to-end access control is really about becoming more context-aware with information backed by advanced analytics to offer more control.

The webcast replay is now available and we hope to continue the conversation we started with this webcast. In the meantime, I have captured the responses to the questions asked during the webcast.

Q. Is Identity Management strategic for Oracle?

A. Very much so. Oracle continues to make significant investments in Identity Management across all organizations including product development, customer and sales support, business development, marketing, and more.

Q. Where can I find the Aberdeen Report that Marc mentioned?

A. You can download the Aberdeen Report citing the findings on Platform vs. Point Solution Approach Study for Identity Management here.

Q. I was at one of the major health insurance providers recently. I was told not to bring laptop or any other hardware. I was told not to upload or download a file. Access to servers I was supposed to work on took 3+ weeks. Is that a smart way of doing security?

A. No access or limited access as a policy is detrimental to getting business done. And in fact, it may still not be an effective security measure. A smart approach would be to have layered security whereby only the right people have the right level of access to the right resources at the right time. When a user role or needs change, that change should also trigger user access and administration change. Moreover, all of this should be auditable. An integrated approach to user authentication, access authorization, administration and audit will accomplish this.

Q. Where can I find product roadmaps for Access and Identity?

A. Technical information for all our Identity Management products is located on Oracle Technology Network. To schedule a roadmap briefing, please ask your account manager.

Q. Is Oracle Identity Management part of the Oracle Database binary code?

A. No. Oracle Identity Management solutions are licensed separately.

Q. What differentiates Oracle Identity Management offering from its GRC Suite offering?

A. While GRC deals with standards-based platform for enterprise risk management, regulatory compliance, and controls enforcement, Oracle Identity Management solutions allow enterprises to manage the entire user identity life cycle across all enterprise resources and offer identity audit & compliance capabilities.

Q. How does Oracle Identity Management stack support private/public cloud infrastructure?

A. Oracle’s Identity Management stack plays a critical role in making the cloud environment secure for enterprises.

  • Identity federation is one area where standards such as SAML are quite mature and are being adopted by cloud providers and applications. Oracle Identity Federation (OIF) offers a full range of standards-based federation between cloud applications and their customer’s applications.
  • Oracle Identity Manager (OIM) provides standards-based secure provisioning and self service registration of application users to cloud applications via support for SPML services and BPEL workflow definitions.
  • Oracle Enterprise Single Sign-On (ESSO) Suite lets enterprises host ESSO in a private cloud to offer users secure access to heterogeneous enterprise resources from anywhere, anytime.
  • Oracle Access Manager (OAM) provides a robust Single Sign On capability that streamlines identity authentication processes across cloud applications.
  • Oracle Adaptive Access Manager (OAAM) provides strong authentication, identity verification, and fraud prevention across service provider’s cloud applications.
  • Oracle Web Services Manager (OWSM) provides policy-based authentication and authorization infrastructure for securing web services.

We encourage you to download our Cloud Security Resource Kit for additional detail.

Q. With the layered security approach, are you recommending that there be a specific order of implementation i.e. Directory Services, SSO and Provisioning first and then the remaining pieces?

A. The order of implementation and even the scope of implementation are based on the organization’s needs and the specific issues/business challenges you are trying to solve. Please connect with your account manager to discuss your specific needs and chart out the appropriate implementation plan for the best return-on-investment.

Q. Is Oracle Identity Management a new technology?

A. Oracle has been offering proven, best-of-breed Identity Management solutions for quite some time. With continued investment in technology and resources, Oracle’s Identity Management solutions portfolio has grown significantly over the years. For a complete list of Oracle Identity Management offerings and more information, please visit us at www.oracle.com/identity.

Q. Can I use Oracle Identity Management to centrally manage access for multiple external clients?

A. Yes. Oracle Identity Management solutions allow you to centrally manage user authentication, authorization, administration and identity audit across all resources and for all users regardless of whether they are within or outside your organization. A good example of external user facilitation is: Qualcomm Case Study: Supporting User Federation using Oracle Identity Federation.

Q. Can Oracle Identity Management provide the visual graphic metrics of all user activities like the Oracle OEM alert metric?

A. Oracle Identity Analytics provides actionable dashboards, graphs and metrics for user and identity audit at any time.  Oracle Adaptive Access Manager provides strong risk-based authentication features like real-time risk alerts based on behavioral profiling and advanced risk analytics.

Q. How do we integrate the new Oracle Identity product with other large apps e.g. Siemens PLM product?

A. Oracle Identity Manager can integrate with Siemens PLM using the application’s API or if the application supports SPML, then by using SPML calls. Oracle Identity Manager’s Identity Connector Framework makes the integration process quite flexible, scalable and efficient. Most market leading applications and systems are supported out-of-the-box.

Q. How can the tool set transit the identity between the layers, for instance if I have a JBOSS server and a WebLogic server, how can I pass the identity from one to the other so that both can participate in this vision?

A. With Oracle Identity Management, you can externalize identities to a centralized identity platform supported by Oracle Platform Security Services (OPSS). OPSS allows you to abstract security, audit, and identity management functionality from applications so you no longer have to hard code these in individual applications thereby reducing the time and cost for application lifecycle. Read more about this revolutionary approach here.

Q. Would I need Oracle Directory Services if I have Oracle Identity Manager in-house?

A. Oracle Directory Services Plus and Oracle Identity Manager are complementary solutions. Oracle Directory Services Plus is the industry’s only integrated solution that offers identity virtualization, storage, proxy and synchronization services for high-performance enterprise and carrier-grade environments. Oracle Identity Manager is an identity administration and user provisioning solution that automates the process of adding, managing, updating and deleting user accounts on enterprise resources, whether on-premise or in the cloud. While these solutions work very well together and solve unique challenges, the implementation of one does NOT require the implementation of the other.

We hope this is just the start of our conversation on this subject. We look forward to hearing your feedback on the approach Marc alluded to during the webcast and how it applies to organizations today.

Tuesday Aug 09, 2011

Securing Your Electronic Health Records

Thanks to all those who joined our webcast on securing electronic health information records. According to the survey by Healthcare IT News, many organizations are depending on the EHR vendors to take care of the security requirements; however, a more systematic approach has to be taken in order to meet the compliance and "meaningful" use requirements. Mark Ford from Deloitte did a great job of setting the context around the legislation and the changing requirements. Thanks for all of the great questions on the webcast, and I want to take the time to make sure we capture the answers. I will post a replay. Mike mentioned the Aberdeen report comparing the platform vs. the point solution; this may provide some benefit as you think about your road map.

  • Question: Looking at certification review with regard to clinician access - we have lots of cases where clinicians have excessive access - what else can I do with regard to a layered ?
  • Answer: So there are two things that we would recommend - many of the excessive access issues can be prevented in the first place by provisioning (see Oracle Identity Manager) users based on a pre-defined job role. This model works well and can speed up the audit. The second thing that organizations are doing is complementing certification review with detective monitoring provided by Oracle Security Governor. To streamline the certification review portion - Oracle Identity Analytics has some easy to use reporting that can make this less cumbersome.
  • Question: We have primary care physicians scheduling appointments through our web interface from different parts of the state - can your solution help us manage their user passwords?
  • Answer: Yes - if you are using a web interface then we could enable self service password management for your connecting physicians. You can provide this capability with Oracle Access Manager - also consider the ability for your connecting physicians to connect directly to your external portal with Federation capabilities.
  • Question: Is there a role life-cycle management capability in the Oracle stack? How would I get started in that process?
  • Answer: Yes, Oracle Identity Analytics provides this - you can download it from our site.
  • Question: SSO is well understood by all, but what about signing off? Multiple apps running over one SSO, how do you manage the signing off of individual apps?
  • Answer: This is a great question - there are many circumstances where this is required - so with Oracle ESSO there is an ability for sign off where ESSO cleans up the cache so that someone else can use the terminal - we find this case in healthcare a lot.
  • Question: We are a hospital with lots of VIP celebrity patients - how can we secure access to the specific VIP patient data?
  • Answer: We get asked this a lot - feel free to reach out to us and we can set up a conversation with a couple of our customers who are solving the same problem. Basically, there are a number of ways to solve this. At a detective level our security governor can detect when the incident has occurred; we can also use the Oracle Entitlements Server to guard the data directly at the application level. Would be happy to schedule a demo.
  • Question: What if we have an existing HR system like Peoplesoft - can we use that to drive the access provisioning of our clinicians?
  • Answer: Yes, if you have Peoplesoft or any other HR system - we can connect and drive provisioning from this source. There is a white paper on this on our website.
  • Question: Given that there are lots of offerings in the product stack - where should we get started - can we start with any product in the stack?
  • Answer: Because we have integrated the stack - customers can start from any point depending on the need. One paper that might be helpful is the recent Aberdeen report that talks about the tremendous cost saving of going with the platform approach.

Hope these answers provide you what you need. If you have follow up questions you can post them as comments below and we will answer them. Thanks again for joining us and we look forward to chatting again soon.



Thursday Aug 04, 2011

Getting IT Right with an End-to-End Access Control Strategy

In our last post, we talked about how new technologies and trends are driving the demand for identity management solutions. The question is: Are Identity Management solutions of today rising up to those challenges? While some of the time-tested Identity Management solutions are achieving maturity, the industry itself continues to evolve. No longer is Identity Management only about IT administration. The higher calling for Identity Management is (or should be) Business Enablement.

Oracle is hosting a live webcast today to discuss the evolving security and business (and user!) requirements and how that's changing the Identity Management solution and strategy set. Oracle's Vice President of Identity Management, Marc Boroditsky, will discuss how the conversation around Identity Management has completely changed over the last couple of years. Using data points and industry numbers, Marc will discuss how we need to re-think the concept of what an "end-to-end access control" solution should look like.

Please join in on the conversation because the webcast today is a discussion of recent findings and proof points not a lecture or a prescription on the topic. We look forward to an animated Q&A round with you today.

Here are the details:

Live Webcast: Getting IT Right with an End-End Access Control Strategy

Thursday, August 4th (today) at 10 am PDT/1 pm EDT

Register Now

Monday Aug 01, 2011

Externalizing Fine-grained Authorization from Applications

In a recent article published by Sys-Con, Marc Chanliau from Oracle highlighted the mechanics and benefits of externalizing fine-grained authorization policies from applications.

While URL-based coarse-grained authorization can be enforced using conventional web access management solutions, fine-grained authorization decisions are typically enforced at application run-time. For instance, if access to confidential data (such as a user’s Social Security Number) is granted to a user only if he meets certain conditions, then those checks are typically performed at run-time inside the application. This makes building security for applications more complex. It also ties the evolution of security policies to the evolution of application logic, which negatively impacts developer productivity. In this article, Marc Chanliau explores the need to externalize authorization from applications and then delves into the mechanics of externalizing authorization policies using Entitlement Servers.
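The contrast drawn above, as an added example that is not taken from the Sys-Con article or from Oracle Entitlements Server: an SSN check hard-coded in application logic, next to the same rule held as data and evaluated by a separate decision point with deny-overrides and default-deny. All class names, attribute names, policies and the sample values are constructed for illustration.

```python
from dataclasses import dataclass

REDACTED = "***-**-****"

def get_record_hardcoded(user, record):
    """Before: the rule lives in application code, so a policy change is a code change."""
    out = dict(record)
    if not (user.get("department") == "HR" and user.get("clearance", 0) >= 2):
        out["ssn"] = REDACTED
    return out

@dataclass(frozen=True)
class Rule:
    effect: str         # "permit" or "deny"
    action: str
    resource_type: str
    conditions: tuple   # ((attribute_path, operator, operand), ...)

_MISSING = object()

def _lookup(ctx, path):
    """Resolve paths such as 'subject.department'; absent attributes give _MISSING."""
    node = ctx
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def _holds(ctx, cond):
    """Return True/False, or None when an attribute the condition needs is absent."""
    path, op, operand = cond
    value = _lookup(ctx, path)
    if value is _MISSING:
        return None
    if op == "eq":
        return value == operand
    if op == "ne":
        return value != operand
    if op == "ge":
        return isinstance(value, (int, float)) and value >= operand
    if op == "eq_attr":  # compare against another attribute in the request
        other = _lookup(ctx, operand)
        return None if other is _MISSING else value == other
    raise ValueError(f"unknown operator: {op}")

class PolicyDecisionPoint:
    """Evaluates rules held as data; the application never sees the rule logic."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, subject, action, resource, env):
        ctx = {"subject": subject, "resource": resource, "env": env}
        permitted = False
        for rule in self.rules:
            if rule.action != action or rule.resource_type != resource.get("type"):
                continue
            results = [_holds(ctx, c) for c in rule.conditions]
            if False in results:
                continue                  # rule does not apply to this request
            if rule.effect == "deny":
                return "deny"             # deny overrides; an undecidable deny fails closed
            if None not in results:
                permitted = True          # a permit needs every condition proven
        return "permit" if permitted else "deny"   # default deny

def get_record(pdp, user, record, env):
    """After: the application is only an enforcement point that asks and obeys."""
    out = dict(record)
    resource = {"type": "employee.ssn", "owner_id": record["employee_id"]}
    if pdp.decide(user, "read", resource, env) != "permit":
        out["ssn"] = REDACTED
    return out

# Constructed policy set: editing this list changes behaviour with no application change.
POLICIES = [
    Rule("permit", "read", "employee.ssn",
         (("subject.department", "eq", "HR"), ("subject.clearance", "ge", 2))),
    Rule("permit", "read", "employee.ssn",
         (("subject.id", "eq_attr", "resource.owner_id"),)),
    Rule("deny", "read", "employee.ssn",
         (("env.network", "ne", "corporate"),)),
]
```

The second and third rules (self-access and a network-context deny) are additions the hard-coded version would need a code change and redeploy to match.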

Here’s a link to the complete article.

If you’d like to learn more about externalizing authorization from applications, check out the replay of our recent webcast on Oracle Entitlements Server 11g. We also have two additional webcasts coming up which explore the declarative security paradigm and its business benefits.

  • Webcast: Demystifying Declarative Security
  • Webcast: Declarative Security for Mobile Apps

Thursday Jul 28, 2011

Oracle Entitlements Server (OES) 11g Webcast Q&A

We recently announced Oracle Entitlements Server (OES) 11g. OES externalizes authorization policies from applications eliminating the complexity of building authorization inside applications. By decoupling authorization policy evolution from the application lifecycle, OES does for authorization what Single Sign-On did for authentication.

In our recent July 14 webcast on OES 11g, we dug deeper into some of the new capabilities and design themes in OES 11g. Thanks to everyone who joined our webcast. We have captured answers to the questions asked for your reference.

What is new in OES 11g?

OES 11g introduces several breakthroughs in externalized authorization management.

1) Real-time External Authorization ensures minimal latencies in mission-critical deployments for applications making a massive number of authorization checks.

2) Comprehensive Standards Support for a broad spectrum of authorization standards including XACML, NIST RBAC, Enterprise RBAC, ABAC, JAAS and OpenAZ. This gives customers plenty of choices, and flexibility of deployment.

3) Rapid Application Integration accelerates integration with a broad spectrum of application platforms.

Does OES 11g integrate with non-Oracle systems?

Yes. OES integrates with a large number of heterogeneous (non-Oracle) platforms including various custom and 3rd party applications, application servers, databases, directory servers, content management systems, SOA and cloud environments, web portals, and XML gateways, development platforms and programming languages.

What’s the difference between OES 11g and Oracle Platform Security Services (OPSS)?

OPSS is the underlying security foundation for Oracle Fusion Middleware and Oracle Fusion Applications. It is a security framework that provides a broad set of security services for applications - anything from authentication, audit, secure credential storage, identity profile, and authorization among others. OES is the authorization engine sitting underneath OPSS.

OAM and OES both can handle authorization. What else can OES offer when compared to OAM authorization?

OAM is primarily an authentication and Single Sign-On solution. While it does have coarse grained authorization capabilities, you will need a fine grained authorization solution like OES for page/portal customization or page entity level security checks (button enable/disable, text box graying out), transactional checks, checks at method or function level, and for data redaction.

Does OES 11g integrate with Microsoft Active Directory?

Sure. OES can work with external user/group/role/attribute repositories. As a best practice we recommend that you leverage your existing identity stores like AD.

Does OES 11g integrate with other Oracle Identity Management products like Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM)?

OES integrates with other Identity and Access Management solutions. It can integrate well with an SSO solution like OAM or an adaptive authentication solution like OAAM. Integration with OES delivers fine grained authorization capabilities such as page/portal personalization, function/module level checks, attribute based checks, data redaction etc. OES integrates with other components of the Oracle Identity Management stack as well.

Do you recommend performing data redaction at the database rather than at the UI or business logic layer?

Nearly all large deployments have to make a decision on this at some time. While some scenarios may force you to make the authorization decision at Data Source (DB level), we tend to recommend redaction at a data service layer (for example at the hibernate layer). In general, this is a very subjective decision. OES 11g provides various architecture choices. Decisions vary on a case by case basis.

With 11g the OES PEP/PDP is now integrated into the WLS OPSS SM. When using OES Administration Server (PDP) in conjunction with WLS 11g, do you have to license the integrated PEP/PDP on WLS or is its usage covered by the WLS licensing?

OES is licensed separately.

How does OES compare to LDAP or Tivoli security application?

LDAP by itself is just a repository and does not provide any policy enforcement capabilities.

Where are the roles stored?

In OES, roles are policy based. At a high level, the role policies can be based on users or groups or user attributes where these entities can be managed in any standard user repositories (e.g., AD).

How is OES integrated with Oracle ADF? Can I authorize ADF components seamlessly and transparently (ADF developers do not execute OES), and how?

Absolutely. The OES admin console itself is based on OES. Since OES can plug in under the OPSS (Oracle Platform Security Services) layer, all Oracle FMW and Applications (that are based on OPSS) automatically leverage the OES authorization engine.

Does OES support Single Sign On?

OES is not a WebSSO product, it does fine grained authorization. That said, it works with and integrates with any customer's single sign-on solution to take advantage of the user context that gets established and any other information the SSO product provides that you want to leverage in your authorization policies. Oracle Access Manager (our WebSSO product) internally leverages an embedded version of OES to do URL level (coarse grained) authorization.

Do you need the Enterprise Gateway to perform this sort of context authorization or can this be performed by WLS/OPSS, etc?

The Oracle Enterprise Gateway makes it extremely easy to integrate with web services as it is natively integrated with OES - this requires no changes to the application code. A similar integration can be done with Oracle Web Services Manager with some customization.

Does OES integrate with Layer 7 gateways?

Yes, OES can integrate with Layer 7 gateways.

Does OES provide database level integration with IBM DB2?

You can definitely use OES for data security with DB2 through business tier integration.

Can OES integrate with non-Java applications (C/C++)?

OES provides Web Service and RMI interfaces that can be of help in these cases. We have done a lot of work with financial services companies that we will be happy to discuss offline.

Can authorization policies be stored in an Oracle database?

Authorization policies can be stored in Oracle RDBMS. The user and groups can be retained in their existing enterprise stores - AD/LDAP/RDBMS.

Do you provide or recommend tools to extract security rules from home-grown code so they can be externalized?

We have not come across any tools that do rules redaction from code very effectively.

Are there any IDEs (like Eclipse) that support application owners in development for developers and architects?

There are probably two parts to this question. The OES libraries can be used with any IDE. Our own JDeveloper IDE provides security wizards that help developers, provides declarative support, and helps automate the development lifecycle - this is planned to be certified with OES 11g later this year. We also have plans to extend this for 3rd party IDEs.

How do you integrate OES with Oracle Identity Manager (OIM) and Oracle Identity Analytics (OIA)?

OIM provisions the users and group membership (enterprise roles) in the ID store(s) that OES can then leverage in authorization decisions/policies. OIM may also control certain user attributes that may be used in your authorization policies. (OIM uses an embedded version of OES for defining delegated admin policies.) OIA can then be used for recertification / attestation of the role memberships and relevant attributes, Separation of Duties (SoD) policies, etc.

Check out the webcast replay to learn more about OES 11g.

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
