Tuesday Aug 30, 2011

OOW Session - Achieving Context Aware Security

The DNA of identity management has been Authentication, Authorization, Administration and Audit, but to really take a risk-based approach, address the more complex regulatory pressure and still provide ROI, identity management has to become more context aware, provide better analytics and provide increased control. You don't want to miss Vadim Lander, Chief Identity Architect, discussing the next step in the evolution of identity management on Wednesday, October 5th at 4:45 in Moscone West.

Who you are depends on the context of your activity. In the enterprise we all wear many hats and do many jobs. This makes it difficult to detect when user behavior is out of the ordinary. An integrated, context-aware approach is the best solution to balance the need for regulatory compliance with the need to reduce risk.

To become risk aware, Identity Management has to become more context aware and integrated. The latency between Identity pillars creates risk. An integrated platform approach helps restore control by providing context. Join us for this session to understand how Oracle is driving innovation and creating the next generation of Identity Management solutions.

For a complete schedule of Identity Management sessions, see the Identity Management Focus On.

Sunday Jul 24, 2011

The Business Case For Entitlements Server

Much of our content today discusses how to apply an entitlements server to provide external authorization, but less time has been spent discussing the business case for fine-grained entitlements. As we wrap up a week of sales training, I want to spend some time summarizing some of the data-points on how organizations rationalize the benefits of entitlements servers. The topic of role-based access has a rich academic history since role-based access control draws from a diverse range of subjects.

The demand for entitlements servers has increased drastically in the past few years as application and data security moved into the foreground. Despite the large number of “off the shelf” solutions used in IT, the majority of mission critical “line of business” applications are home grown. Financial services companies are perhaps the most mature users of fine-grained authorization because of the regulatory pressure and intrinsic monetary value of the data. In the past few years, demand has picked up in many verticals from healthcare to manufacturing. In cases where business processes are being outsourced, providing policy based control over data and transactions is essential. 

A few years ago, the banking world was rocked by the scandal of a rogue trader who utilized his knowledge of gaps in control procedures to create a $7.1B loss for a major bank. While this case is certainly sensational, this type of insider fraud happens more often than we think. Some sources suggest more than 46% of fraud is caused by insiders. Apart from looking for an economic ROI for deploying an entitlements server, the most compelling reason is the security of the business itself. When a “line of business” application like a trading system or a clinical trials application gets compromised, the impact is always financially disastrous.

Today most of the organizations deploying an entitlements server solution have well-defined requirements to separate access due to internal or external regulatory guidelines. The regulatory pressure alone provides the business case. In most cases, the customer's existing homegrown approach became too difficult to maintain and scale as security requirements changed. Looking across deployments, two economic value propositions are found in all cases:

  • Time to value: Re-tooling applications to address security changes can take many months. Many organizations that deployed an entitlements server have reduced this time to weeks. This provides significant time to value when the organization is trying to address an audit finding or closing a security risk gap.
  • Reduced development cost: Most organizations save tens of thousands of dollars on a per-application basis after deploying an entitlements server because so much time was spent hard-coding security into the application. In one anecdotal case a company saved over $265K annually over 7 applications by externalizing security. Thanks to Andy Vallila for sharing this particular example.

We are still in the early adoption phase of entitlements servers. The customers who adopt have the most urgent security need. As we survey and summarize the results of the early adopters, we will gain better ROI data. For more background on entitlements servers and how to apply them, the following resources may be helpful:


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

