Applications such as Oracle E-Business Suite (EBS), PeopleSoft, JD Edwards and Hyperion have enabled key business processes in several organizations. As organizations move towards the cloud, they may decide to migrate these processes to SaaS applications. SaaS migration may not always be viable. Sometimes organizations immediately lift and shift their enterprise applications to the cloud in order to leverage the elastic scalability and automation that come with modern cloud platforms.

Organizations cannot overlook identity and security requirements when moving applications to the cloud. They need to change their strategy from a pure “Lift and Shift” to “Move and Improve.” They need capabilities such as automated identity life cycle management, adaptive MFA and single sign on to improve their overall security posture and inherit controls through which they can combat sophisticated and prevalent cyber security threats. This is where Oracle Cloud Infrastructure and Oracle Identity Cloud Service (IDCS) deliver.

Oracle Cloud Infrastructure is a second-generation cloud infrastructure platform designed to run enterprise application workloads with an emphasis on security at its core. Deep customer isolation, strong networking isolation, operational segregation, a modernized WAF and highly effective DDoS protection are just some of the areas where OCI stands out. You can read much more about Oracle Cloud Infrastructure security here.

Oracle Identity Cloud Service, a component of Oracle Cloud Infrastructure, is a modernized Identity as a Service (IDaaS) platform that enables you to streamline and automate user identity life cycle management, simplify user access with standards-based single sign-on into both SaaS and enterprise apps, and help secure your applications with context-based multi-factor authentication policies and an adaptive intelligence risk engine.

IDCS helps enable organizations to successfully implement their “Move and Improve” strategy with the following features:

  1. App Gateway and EBS Asserter
  2. Provisioning Bridge
  3. Multi-factor Authentication

App Gateway and EBS Asserter

The IDCS App Gateway is an identity-aware proxy that can be placed in front of your applications. It can intercept HTTP/S requests, redirect users to IDCS for authentication and then inject validated user identity and authorization data as HTTP headers into the request that is eventually sent to the application. The application can then use the values of these HTTP headers to create a secured session for the end user. The IDCS App Gateway also enables organizations to enforce URL authorization policies and helps secure application APIs using OAuth.

You can deploy the App Gateway on VirtualBox or VMware, or run it as a Docker container. Organizations can use the App Gateway to enable SSO into applications like PeopleSoft, JD Edwards or any bespoke application that supports HTTP header-based authentication.
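Header-based authentication is only as trustworthy as the path the headers arrive on, so a bespoke application behind such a proxy should accept identity headers only from the gateway itself. The sketch below is an added example, not Oracle or IDCS code: the header names `X-Gateway-User` and `X-Gateway-Groups` and the gateway address are hypothetical placeholders, and source-address filtering stands in for whatever network restriction the deployment actually uses.

```python
# Added example: trust identity headers only when the request comes from the gateway.
# Header names and addresses are hypothetical placeholders, not IDCS defaults.
import ipaddress

TRUSTED_GATEWAYS = [ipaddress.ip_network("10.0.0.5/32")]   # constructed gateway address
USER_HEADER = "HTTP_X_GATEWAY_USER"       # WSGI form of hypothetical X-Gateway-User
GROUPS_HEADER = "HTTP_X_GATEWAY_GROUPS"   # WSGI form of hypothetical X-Gateway-Groups


def from_gateway(environ):
    """True only if the TCP peer is one of the configured gateway addresses."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_GATEWAYS)


def resolve_identity(environ):
    """Return (status, identity); identity is None unless status is 200."""
    if not from_gateway(environ):
        # Direct hit on the app: any identity header here was set by the client.
        return 403, None
    user = environ.get(USER_HEADER, "").strip()
    # WSGI servers join repeated headers with commas; treat that as tampering.
    if not user or "," in user:
        return 401, None
    groups = [g.strip() for g in environ.get(GROUPS_HEADER, "").split(",") if g.strip()]
    return 200, {"user": user, "groups": groups}


class GatewayAuthMiddleware:
    """WSGI wrapper that exposes the identity to the app as environ['app.identity']."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        status, identity = resolve_identity(environ)
        if identity is None:
            reason = {403: "403 Forbidden", 401: "401 Unauthorized"}[status]
            start_response(reason, [("Content-Type", "text/plain")])
            return [b"request did not arrive through the gateway with an identity\n"]
        environ["app.identity"] = identity
        return self.app(environ, start_response)
```
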

The IDCS EBS Asserter is another innovative component that not only enables SSO with EBS, but it also simplifies the infrastructure requirements needed to enable EBS SSO. Traditional EBS SSO deployments require organizations to deploy and manage farms of Access Servers, Directory servers, Access Gates and Web Gates. The IDCS EBS Asserter removes the need for these excessive and difficult to manage components. It’s a simple WAR file that needs to be deployed on WebLogic. That’s it, nothing more. The IDCS EBS Asserter acts as the interface between the identity token being issued by IDCS and the user session being created in EBS.

Provisioning Bridge

Comprehensive security for applications requires life-cycle management of application identities in addition to single sign-on. The IDCS provisioning bridge can be used to streamline account life-cycle management with on-premises components and enterprise applications. With the IDCS provisioning bridge, organizations can perform authoritative sync, account provisioning and group management in generic LDAP servers such as OID, OUD, ODSEE and Apache DS. The IDCS provisioning bridge will also enable account, role and responsibility management in apps such as EBS and PeopleSoft.

When combined with the SaaS application templates, AD Bridge and automated group grants, organizations can automate the entire identity life cycle.

Multi-Factor Authentication

IDCS provides a market-leading MFA solution through which organizations can define policies that contain context-based rules and actions. These rules leverage the user, application, device, risk and request context to dynamically determine if a user is allowed access, denied access or needs to be prompted for MFA. The IDCS adaptive intelligence engine not only computes risk by analyzing login behavior but can also pull in user risk feeds from UEBA systems such as Symantec CASB. It uses this combined risk score along with the user, application, device and request context to dynamically enforce access decisions.

Summary

Organizations cannot overlook identity and security requirements when moving applications to the cloud. They need to change their strategy from a pure “Lift and Shift” to “Move and Improve”. They need capabilities such as automated identity life cycle management, adaptive MFA and single sign on to not only improve their overall security posture but also inherit controls through which they can combat sophisticated and prevalent cyber security threats.

Join us for a live webinar on Nov 6th where we will discuss how you can secure your enterprise apps with IDCS and enable your “Move and Improve” strategy.

Move and Improve: Keeping Your Workloads Secure with IDCS
Wednesday, November 6th | 10am PT
Speaker: Sanjay Sadarangani