Tuesday Jun 25, 2013

It's not just “Single Sign-on” by Steve Knott (aurionPro SENA)

It is true that Oracle Enterprise Single Sign-on (Oracle ESSO) started out as purely an application single sign-on tool, but as we have seen in the previous articles in this series, the product has matured into a suite of tools that can do more than just automated single sign-on and can also provide a rapidly deployed, cost-effective solution to many demanding password management problems.

In the last article of this series I would like to discuss three cases where customers faced password scenarios that required more than just single sign-on, and how some of the less well-known tools in the Oracle ESSO suite “kitbag” helped solve these challenges.

Case #1

One of the issues often faced by our customers is how to keep their applications compliant. I had a client who liked the idea of automated single sign-on for most of his applications but had a key requirement to actually increase the security for one specific SOX application. For the SOX application he wanted to secure access by using two-factor authentication with a smartcard. The problem was that the application did not support two-factor authentication. The solution was to use a feature from the Oracle ESSO suite called authentication manager. This feature enables you to have multiple authentication methods for the same user, which in this case were a smartcard and the Windows password. Within authentication manager each authenticator can be configured with a security grade, so we gave the smartcard a high grade and the Windows password a normal grade. Security grading in Oracle ESSO can be configured on a per-application basis, so we set the SOX application to require the higher-grade smartcard authenticator.

The end result for the user was that they enjoyed automated single sign-on for most of the applications apart from the SOX application. When the SOX application was launched, the user was required by ESSO to present their smartcard before being given access to the application.

Case #2

Another example of solving compliance issues was the case of a large energy company that had a number of core billing applications. New regulations required that users change their password regularly and use a complex password. The problem facing the customer was that the core billing applications did not have any native user password change functionality. The customer could not replace the core applications because of the cost and time required to re-develop them. With a reputation for innovation, aurionPro SENA were approached to provide a solution to this problem using Oracle ESSO.

Oracle ESSO has a password expiry feature that can be triggered periodically based on the timestamp of the user’s last password creation, so our strategy here was to leverage this feature to provide the password change experience. The trigger can launch an application change password event; however, in this scenario there was no native change password feature that could be launched, so a “dummy” change password screen was created that could imitate the missing change password function and connect to the application database on behalf of the user.

Oracle ESSO was configured to trigger a change password event every 60 days. After this period, if the user launched the application, Oracle ESSO would detect the logon screen and invoke the password expiry feature. Oracle ESSO would trigger the “dummy screen,” detect it automatically as the application change password screen and insert a complex password on behalf of the user. After the password event had completed, the user was logged on to the application with their new password. All this was provided at a fraction of the cost of re-developing the core applications.

Case #3

Recent popular initiatives such as the BYOD and working from home schemes bring with them many challenges in administering “unmanaged machines” and sometimes “unmanageable users.”

In a recent case, a client had a dispersed community of casual contractors who worked for the business using their own laptops to access applications. To improve security around password management, the security goal was to provision the passwords directly to these contractors. In a previous article we saw how Oracle ESSO has the capability to provision passwords through Provisioning Gateway, but the challenge in this scenario was how to get the Oracle ESSO agent to the casual contractor on an unmanaged machine.

The answer was to use another tool in the suite, Oracle ESSO Anywhere. This component can compile the normal Oracle ESSO functionality into a deployment package that can be made available from a website in a similar way to a streamed application. The ESSO Anywhere agent does not actually install into the registry or program files but runs in a folder within the user’s profile, so no local administrator rights are required for installation. The ESSO Anywhere package can also be configured to stay persistent or disable itself at the end of the user’s session.

In this case the user just needed to be told where the website package was located and to download the package. Once the download was complete, the agent started automatically and the user was provided with single sign-on to their applications without ever knowing the application passwords.

Finally, as we have seen in this series, Oracle ESSO not only has great utilities in its own tool box but also has direct integration with Oracle Privileged Account Manager, Oracle Identity Manager and Oracle Access Manager. Integration with these tools provides a complete and complementary platform to address even the most complex identity and access management requirements.

So what next for Oracle ESSO?

“Agentless ESSO available in the cloud” – but that will be a subject for a future Oracle ESSO series!

Friday Mar 30, 2012

ING: Scaling Role Management and Access Certification to Thousands of Applications

Organizations deal with employee and user access certifications in different ways. There’s collation of multiple spreadsheets, an intense two-week exercise by managers or use of access certification tools to do so across a handful of applications. But for most organizations compliance is about certifying user access for thousands of employees across hundreds of systems. Managing and auditing millions of entitlement combinations on a periodic basis poses a huge scale challenge.

ING solved the compliance scale challenge using an Identity Platform approach. Join the live webcast featuring ING’s enterprise architect, Mark Robison, as he discusses how a platform approach offers value that is greater than the sum of its parts and enables ING to successfully meet their security and compliance goals. Mark will also share his implementation experiences and discuss the key requirements to manage the complexity and scale of access certification efforts at ING. Mark will be joined by Neil Gandhi, Principal Product Manager for Oracle Identity Analytics.

Live Webcast
ING: Scaling Role Management and Access Certification to Thousands of Applications
Wednesday, April 11th at 10 am Pacific/ 1 pm Eastern

Thursday Jan 12, 2012

Security Newsletter January Edition is Out Now

Security Inside Out Newsletter

The January edition of the very popular Security Inside Out Newsletter is now out. This edition puts the spotlight on Security in Healthcare. Whether it is patient privacy or complying with federal and industry regulations like HIPAA, Sarbanes Oxley (SOX), HITECH and more, security issues are top of mind for most healthcare organizations. Oracle's Security Inside Out approach offers comprehensive protection for your data, identity and applications. Check out the top feature in the newsletter to hear how some of your peer organizations are meeting their security, compliance and patient care goals with Oracle Security and Identity Management solutions.

If you attended our recent Enterprise Single Sign-On (ESSO) webcast, you already know that companies on average realize over 140% in return-on-investment (ROI) with the ESSO implementation. Organizations have been able to slash over 80% of password related calls to their helpdesk saving a tremendous amount in helpdesk overhead and improving user productivity. Get your hands on the ESSO Buyers Guide and don't miss this feature article in the newsletter that discusses recent customer success stories.

This edition is also your one-stop shop for getting your hands on the latest materials including a recently issued IDC Report on Data Security, Oracle whitepaper comparing Oracle and Novell Identity Management solutions, SANS product review report on Oracle Database Vault and more. Keep up to date on the latest Oracle Security news, upcoming events, webcasts and more by subscribing to the newsletter now.

Happy reading!

Friday Dec 02, 2011

Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics – Q&A Follow-Up

Thanks to all who attended the live webcast event hosted by Healthcare IT News. We hope you found the discussion and the presentations useful; we look forward to a continued conversation.

Compliance in healthcare has always been an active discussion in the identity management industry and here at Oracle too. So, we were very pleased when Jason W. Zellmer, Director, Strategy and Information Management at Kaiser Permanente Information Security, agreed to be on a live panel discussion with us to share his experiences and insights with his peers. Especially after having had a similar role in a financial services organization in the past, his commentary on how acute identity management and compliance needs are in a healthcare organization like Kaiser Permanente was particularly insightful. The live event also allowed us to bring in experts from Kaiser’s identity management implementation partner, PricewaterhouseCoopers, as well as Oracle’s own solution expert to provide a 360-degree perspective on healthcare compliance solution design and implementation for healthcare organizations.

The on-demand webcast replay is now available and so are the slides for download. And, since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Could you brief about the OOTB component in ERP for managing SOD checks and how this is effective in the context of integrating with OIM and OIA?

A. Oracle Identity Manager (OIM) and Oracle Identity Analytics (OIA) work seamlessly with OOTB ERP SOD engines like Oracle Applications Access Control Governor (OAACG) to enable both preventative SOD (and IT policy monitoring) checks during the user provisioning process as well as detective and remedial SOD actions.

Q. How are Oracle IDM products flexible with the changing compliance requirements if any?

A. As compliance regulations continue to evolve, standards-based, open Oracle Identity Management solutions allow you to easily configure your workflows in accordance with the changing requirements. And since Oracle Identity Management solutions allow you to externalize security from applications and provide a centralized security platform, organizations can easily adapt to the changing regulatory and compliance landscape without having to rip and replace existing solutions.

Q. Where did you get the 48% IAM cost reduction and 80% productivity boost from?

A. Recently Aberdeen Research conducted a survey comparing cost savings from Platform vs. Point solutions in Identity Management and found that organizations choosing products from an integrated stack can save up to 48% long term and achieve better automation and lower administrative costs. Please refer to the Aberdeen paper available for download. The 80% user productivity boost was determined based on the benchmark study conducted for the latest release of Oracle Identity Analytics 11g. Please refer to the recent announcement of availability of enhanced Oracle Identity Analytics.

Q. You referred to an ROI study on Identity Analytics and a model for computing compliance cost savings. Where can I find more information?

A. Forrester Consulting recently conducted a study where they interviewed 4 organizations that had deployed Oracle Identity Analytics to understand the various use cases, cost implications and the results from their respective implementations. Based on these actual studies, Forrester then built an ROI model and calculated aggregated savings for a typical organization. We recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.
