Monday Feb 21, 2011

Register Today for Free Webinar: Oracle Security Online Forum Feb. 24

Oracle and Accenture are holding a new joint event focusing on security. The event will feature great line-up of speakers and sessions that will last from 9:00-1:00pm PT on Thursday, Feb. 24. The event will focus on Security topics that face the enterprise today. The event kicks-off with a keynote presentation detailing emerging security trends and where we think security is headed in the next decade. Please join us for 30 minutes or the entire day.

Key Speakers:

  • Mary Ann Davidson, Oracle’s Chief Security Officer, on industry-leading standards, technologies, and practices that ensure that Oracle products—and your entire system—remain as secure as possible.

  • Jeff Margolies, Partner, Accenture’s Security Practice—on key security trends and solutions to prepare for in 2011 and beyond.

  • Vipin Samar, Vice President of Oracle Database Security solutions—on new approaches to protecting data and database infrastructure against evolving threats.

  • Tom Kyte, Senior Technical Architect and Oracle Database Guru—on how you can safeguard your enterprise application data with Oracle’s Database Security solutions.

  • Nishant Kaushik, Chief Identity Strategist—on how organizations can look to Oracle Identity Management solutions to help them reduce fraud and streamline compliance.

Full List of Sessions: Look here for sessions tab for list

Friday Feb 18, 2011

Cloud Security Grows Up! Gmail & Two Factor Authentication

A great leap forward for security and the cloud.  Google announced last week that they will support two factor authentication within there very popular Gmail application.  I have used Gmail for years and have enjoyed how it has provided innovation within a very important aspect of communication.  However, security has been a secondary consideration within the innovation life-cycle.  They were one of the first to institute security questions but this is not enough these days.  Especially after high-profile people have had email accounts hacked with similar security features (e.g. Sarah Palin).  

So here is the way that it works.  Go to this page on Google's help site and they will walk you through the options.  What is great about the way they have implemented the system is that no matter what your phone situation they have you covered.  So, even those with a simple land-line to the house can benefit from the increased security.  The real question is whether the users will take security seriously enough to take the 5 minutes to configure.

Google has been more committed than most to the importance of security.  I encourage you all to read their philosophy on security.  You can read more about their philosophy here.

Monday Oct 18, 2010

Security Breech at University Leads to Questions About Fraud Prevention

There are several news articles in today's press that remind us all of the damage and cost of not having the right security defenses in place. A study by the National Fraud Authority as reported in The Register claims that the UK loses $4.13B to Identity Fraud each year. According to the report the average theft results in $1530 in benefit to the thief. In these tough economic times, this is a dramatic drain on scarce resources and should underline why business should ensure they have the right fraud prevention and access management strategy in place to protect their customers.

The second article has to do with the recent breech at the University of North Florida had a breech which compromised over 100 thousand identities. Universities continue to struggle with identity security with a number of breeches over the last 5 years which have hit the headlines. The University has unique challenges with the number of students/identities that turn-over year quarter or semester. In some cases this is close to 25% per quarter or year. In addition, the students in some computer labs are inquisitive and experimenting with the latest hacks challenging even the toughest security measures. Ask any Network Admin at a major university about application and network security and you will hear some amazing stories. In some cases, way more exciting than corporate network security. However, this is a side-topic for another blog entry sometime.

The key to ensuring that you have the right level of protection is adding an additional layer of security and Oracle Adaptive Access Manager is a great solution for this purpose. Ensuring you have tools that allow for real-time response to rules you define on access helps prevent unauthorized access to applications and network resources. In addition, you can use features like One-Time Password to layer authentication security on key resources to ensure you combine something you know with something you have to improve security. Here is a quick intro to how Oracle Adaptive Access Manager can help.

Friday Oct 01, 2010

Security: Zeus brought down by Operation Trident Beach

I am finally caught up after a great week last week at Oracle Open World.  And it was just in time to read about this great bit of international crime fighting bringing an end to an international cyber-crime ring using the Zeus Trojan to steal allegedly $70M.  Details are still coming out but according to this article by The Register the crime ring was able to deploy Zeus and key-log individuals bank accounts and then use "money mules" to access the accounts and make withdrawls illegally.  One thing is for sure you have to admire the naming capabilities of the team which came up with "Operation Trident Beach" which shows marketing doesn't have a monopoly on naming talent.  Here is a quick paragraph taken from The Register article (full text here): 

Trident Beach began in May 2009, when FBI agents in Omaha, Nebraska learned of automated clearing house batch payments to 46 separate bank accounts throughout the US. Agents eventually brought in counterparts from the other involved countries. The payments are a hallmark of Zeus scams, in which hackers break into victim bank accounts and then clean them out using the bank's ACH transfer system.

The thieves targeted small- to medium-sized companies, municipalities, churches, and individuals.

 I was talking with Mark Karlstrand, the Product Manager for Oracle Adaptive Access Manager, and he mentioned that the product has two critical features that would have prevented this from happening.  According to Mark:  "The KeyPad virtual authentication device could have prevented the password theft via key-logger. The use of the passwords from Eastern Europe and other behavior anomalies could have been detected by OAAM real-time risk analytics."  As more details come out about the cyber-crime ring and Zeus we will bring you details. 

Friday Sep 24, 2010

Day 5: Open World Wrap-up

I had a great time this week at Oracle Open World.  It is quite a show with over 47K attendees spread over 4 city blocks with great sessions and conversations about Identity Management and many other cutting edge technologies.  I am definitely in powerpoint overload and would be happy not to see another slide for awhile but the information was great!  We have collected some of the photos from the sessions up on our Facebook page here.  Here is just one of the pictures from the concert on Treasure Island with the Black Eyed Peas, The Steve Miller Band and Don Henley.  It was a great concert.

The presentations were all taped and should be up on the website shortly.  Stay tuned for more information as it becomes available.  If you followed us on Twitter, please let us know what you think by sending us messages.

The Verizon presentation on Directory Server Enterprise Edition and using Fracational Replication was a highlight for me.  It should have been scheduled earlier in the week so that more people could have attended.  Verizon has one of the largest directory deployments in the world with 40+ million identities and many partners and LOB's using it as their repository.  The Verizon deployment is also a great example of using Fractional Replication to empower LOB's with their own identity repository but allowing the central team to maintain the control over the data.  Verizon is also a great example of using SSO to reduce cost and maintain a great User Experience across many different portals.  Madhu, thanks for sharing such great information with the identity management community.  I will post the presentation once it is available on the website.

Thursday Sep 23, 2010

Day 4: IDM at Oracle Open World

Hope you enjoyed the Black Eyed Peas last night.  We have an action packed IDM session on Thursday to finish up the show.  Here is a quick run down of the sessions.  Etienne and I will be introducing Verizon as we talk about how Replication and Fractional Replication are critical features in a high performance Directory Server deployment.


· Follow us on Twitter @OracleIDM. Use hash tags #oow10idm

 Time  Title  Location
9:00 am – 10:00 am
Middleware s317487 End-t-End Secure Identity Propagation Moscone South Rm 310

 Middleware, Applications s316524 Oracle Idenity Management for
Oracle JD Edwards EntrpriseOne

Moscone South Rm 309
10:30 am – 11:30 am Middleware s316991 Database User Management wit Oracle Directry
Services and Actve Directry
Moscone South Rm 310

Middleware s316837 Deploy a Highly Performant Entitlements Solution
wit Oracle Entitlements Server
Moscone South Rm 309

Middleware s317270 Service-Oriented Security: Simplifing Identity
Management for Applications
Moscone West L3, Rm
3018
12:00 pm – 1:00 pm
Middleware s316829 Demystfing IdM: A Custmer’s Guide to a
Practical IdM Deployment Strategy
Moscone South, Rm 309
1:30 pm – 2:30 pm
Middleware S315086 Replication Best Approaches on Directory Server -
Fractional Replication
Moscone South Rm 309

Middleware S316829 Demystifing IdM: A Customer’s Guide t a
Practical IdM Deployment Stategy

3:00pm – 4:00pm
Middleware s314871 Oracle Identity Manager and Oracle BPEL Tools
for Digital Identity Management

3:00pm – 4:00pm
Middleware s314871 Oracle Identity Manager and Oracle BPEL Tools
for Digital Identity Management
Moscone Sout Rm 309
3:30 pm – 4:30 pm Middleware/Oracle Develop S317543 Service Orientd Security 101 Hotel Nikko Mendocino I / II






Tuesday Sep 21, 2010

Day 2: IDM at Oracle Open World

Oracle Open World is off to a great start with plenty of good content and demo's for the business owner or technical implementation team.  Yesterday I saw two great demos from the OAM team.  Mark Karlstrand, pictured to the right was giving a demo on OTP Anywhere to Bob Blakeley.  It was impressive as he used his cell phone to provide a stronger authentication method for a bank transfer -demo not real but you get the point.    

There are a couple of ways to follow what is going on during the show.  

You can follow us on Twitter by using the hash tags #oow10 #idm or follow us directly @OracleIDM.  

We also are uploading pictures and video's from the day at our Facebook page at Facebook/OracleIDM here.

Here are the sessions for Tuesday, Sept. 21 at Oracle Open World

 Time  Title  Location
 12:30 pm – 1:30 pm  Middleware s317146 Securing Web Services: Solutions, Best Practices, Moscone South Rm 309
2:00 pm – 3:00 pm
Middleware s317467 Simplify Identity Management and Support Future Growth with Directory Services
Moscone South Rm 309
3:30 pm – 4:30 pm
Middleware s317064 Oracle Identity Management Administration Best Practices
Moscone South Rm 309
3:30 pm – 4:30 pm
Middleware s317240 Oracle’s Identity Management Strategy (for Sun, Oracle and New Customers Alike)
Moscone South Rm 310
5:00 pm – 6:00 pm
Middleware s317484 Case Study: How Cisco Achieved Large-Scale, Highly Available Access Management
Moscone South Rm 310
5:00 pm – 6:00 pm
Middleware s317244 Enforcing Segregation-of-Duties Controls with Identity Management
Moscone South Rm 309



                    Growth with Directory Services
3:30 pm – 4:30 pm Middleware s317064 Oracle Identity Management Administration Best Moscone South Rm 309
                    Practices
Middleware s317240 Oracle’s Identity Management Strategy (for Sun, Moscone South Rm 310
  Oracle and New Customers Alike)
Middleware s317484 Case Study: How Cisco Achieved Large-Scale, Highly Moscone South, Rm 310
Available Access Management
Middleware s317244 Enforcing Segregation-of-Duties Controls with Identity Moscone South Rm 309
Management

Friday Sep 10, 2010

IDM at Oracle Open World

Oracle Open World is fast approaching and the time to register is NOW so you don't miss out.  This year the show is going to be a blast.  I have heard rumors about the band that will be performing one night but you know what they say about rumors.  More importantly, the IDM team have a lot of new things to talk about at this years show.  First, we released 11g this summer which included exciting new approaches like Service Oriented Security, better user experience and new features for:

  • Oracle Identity Manager
  • Oracle Access Manager
  • Oracle Adaptive Access Manager
  • Oracle Identity Analytics

If you want a comprehensive list of all the sessions so you can follow along.  Please visit the Focus On Identity Management document located here.  Also, we have five don't miss sessions which you need to attend.  Here are the dates and times.  Or, you can find them on our Facebook page here.

 Date & Time
 Title of Presentation
 Location
Mon 11am Oracle Identity Management 11g Overview Moscone South 309
Tue 2pm Simplify IDM with Directory Services –
Moscone South 309
Tues  3:30pm Oracle’s IDM Strategy (for Sun, Oracle Customers Alike)
Moscone South 310
Wed 1pm Building a Strong Foundation for Your Cloud with  IDM
Moscone South 309
Wed 4:45pm Complete Identity & Access Governance with OIA 11g
Moscone South 309
Tues 5pm How Cisco Achieved Large-Scale, Highly Available Access Management Moscone South 310

The last time the Identity Management team was all together a  few photo's were taken and I have included one from that fun event at Burton Catalyst.  Hope you will be able to join us!


Thursday Aug 26, 2010

Free Webinar Today: Simplify Access Management with F5 & Oracle

On Thursday, August 26.  We are hosting a webcast that will take you through the solution and talk about why we believe this will simplify Access Management.  Please join us as F5 and Oracle product experts explain this simple solution.

Title: Live Webcast: Streamline Access Management with F5 & Oracle

When:  Thursday, August 26, 2010, 10:00 a.m. PT or 1:00 p.m. ET

Where: Register for this live webcast here: Streamline Access Management with F5 & Oracle

Thursday Aug 19, 2010

Free Webinar: Simplifying Access Management with F5 & Oracle Aug. 26. 10:00am

Security is hard!  However, the tools that you use to protect your identities should not be. 

Security is hard because of a number of specific environmental, economic and business driven reasons.  One, the threat vectors are growing at exponential rates.  This is driven by the fact that the financial rewards for exploiting data and information are increasing globally.  Whether the data is stolen identities, pricing information for the new release of a product. fraud on internal or external purchases or any of the other 1000 different nefarious threat vectors, businesses and consumers need to be protected.

Two, the number of identities, devices and service providers is also increasing.  The internet is the way we do business globally.  It is the path to which our customers purchase, partners exchange data, and business provide services within their network.  And, at the heart of every exchange of data is an identity.  This identity has critical attributes about an individual that drive the appropriate access to information and services. 

Three, organizations are under increasing regulatory pressure.  Whether it is SOX, FERPA, HIPPA, JSOX, etc. there are access management controls that must be in place to ensure the CFO, CTO and CEO can sign the compliance documents necessary to manage risk in their business. 

This is a complex environment.  Why do the tools that we use to manage access and security within our organization have to be equally complex.  This is why F5 and Oracle have been working together to bring a solution which simplifies access management.  The Big IP Solution is a great way for organizations to simplify access management.  Whether they are integrating multiple Single-Sign-On products with Oracle Access Manager or using this appliance to simplify their IT infrastructure.  The result is faster time to market, faster time to deployment and faster time to security. 

On Thursday, August 26.  We are hosting a webcast that will take you through the solution and talk about why we believe this will simplify Access Management.  Please join us as F5 and Oracle product experts explain this simple solution.

Title: Live Webcast: Streamline Access Management with F5 & Oracle

When:  Thursday, August 26, 2010, 10:00 a.m. PT or 1:00 p.m. ET

Where: Register for this live webcast here: Streamline Access Management with F5 & Oracle

Tuesday Aug 17, 2010

Free Webinar Aug. 18: Quick-Start Compliance with Identity Analytics

Identity compliance projects don't have to be hard!  The key to any successful project in IT is delivering value to the business quickly!  It is critical to then leverage those early wins into larger wins for the organization.  When I used to coach I likened this to walking up a staircase.  McKinsey used the analogy to describe the approach successful companies took to manage successful growth. (take a look here)  

Oracle Identity Analytics provides a set of tools that can help organizations take the first step up that staircase to Compliance quickly.  The approach allows organizations to show value quickly and then build upon those early wins to build better security into the organization.  This webcast tomorrow will give insight into how organizations can build in proper segregation of duties, 360 degree review's and proper attestation of roles.  One customer of the product used to print out a conference room of paper and had his compliance auditors and business managers review the roles and access rights to meet compliance.  Imagine if you had the tools to ensure you could make this process easier.  Register today and find out how.

Register Today Here:

Customer Stories: Tackling Compliance Challenges with Oracle Identity Analytics

Date: Wednesday, August 18, 2010
Time: 10:00 am PT / 1:00 pm ET

Featured Speakers:

Naynesh Patel,
Partner,
Simeio Solutions

Neil Gandhi,
Principal Product Manager,
Oracle Identity Analytics,
Oracle Corporation

Wednesday Aug 11, 2010

New Release: Oracle Directory Server Enterprise Edition Strategic

Strategic New Release of Oracle Directory Services Directory Server Enterprise Edition 11gR1

I would like to pass on some good news from the Oracle Directory Services Blog here:  The following is a reprint of their recent good news concerning Oracle Directory Server Enterprise Edition: (Download Instructions from Brad Diggs aka The Zone Manager here)


Oracle released a new version of Oracle Directory Server Enterprise Edition 7.0, ODSEE 11g Release 1 recently.  The strategic commitment to Sun's Directory Server Enterprise Edition is important for customers who wish to grow the foundation of their identity infrastructure faster and easier. The new release offers improvement in performance over previous releases allowing companies to accelerate their applications while reducing their total cost of ownership. With this new release, companies can also reduce cost by improving serviceability with faster import times and smooth, in-place upgrade that reuses your existing data store. This complete solution provides a directory server, proxy server (for high availability and distribution of data and load), web console and synchronization with Active Directory, all under one product (ODSEE) and licensed as part of Oracle Directory Services Plus.

ODSEE 11gR1 is a rebranded release of Sun Directory Server Enterprise Edition 7.0 and is equivalent to a patch release. It does not include new functionality but provides additional stability and security with the inclusion of many fixes that where previously released as patches and hot fixes.

This release also aligns the list of supported platforms with most other Oracle Fusion Middleware products. For details of the changes to supported platforms, see Platform Support, System Virtualization Support, and Operating System Requirements.

As part of the integration with other Oracle Fusion Middleware components:

This updated release improves the overall quality and robustness of deployments. Among other features and capabilities , by upgrading from DSEE 5.2 or 6.x you might benefit from:

    • Up to 300% performance improvement

    • In place upgrade from DSEE 6 and 7 (no need to export/import existing data)

    • Reduced disk space and memory footprint

    • Optional data compression

    • Instant restore capabilities

    • Advanced tuning capabilities

    • Improved control over traffic going through Directory Proxy Server

    • New distribution algorithm with Directory Proxy Server

    • Updated list of supported Operating Systems, IP v6 supported on all platforms

    • Directory Service Control Center supported on broader list of application servers

    • For more information please visit:

Tuesday Jul 20, 2010

Last Chance to Register: Launch Webcast Identity Management 11g


Date: Wednesday, July 21, 2010
Time: 10:00 a.m. PT / 1:00 p.m. ET

Register here

Tuesday Jul 13, 2010

Register Today for Free Webinar: A Giant Leap In Identity Management

The Identity Management market is evolving and it is an exciting place to be involved in shaping that evolution.  For some that evolution is an opportunity for others it is a headache.  At Oracle we see this as a great opportunity. 

When I started in the Identity Management field it is wasn't even called identity management it was about solving high availability problems for customer and partner extranets before personalization and portal solutions existed.  LDAP was a great solution for these problems and Netscape and then Sun Directory Server were the industry best solutions.  They still are today.  However, in this space alone there has been considerable evolution.   Virtual directories, directory proxies, Active Directory Synchronization are all essential components of best of breed directory server product's.  Oracle Directory Services Plus is a good example.  

The fuel behind this tremendous evolution is the business environment in which these solutions exist. There is no magic in figuring out these key business trends.  Organizations face increased threats from global security risks internally and externally. 

You had to bury your head in the sand to not notice the fact that these threats have landed some of the greatest IT organizations and governments in prime-time analysis on CNN or on the front page of the major news portals.   The global economic slowdown has caused business to seek better value from the products they have already purchased.  Increased government scrutiny and regulation has fueled compliance projects and organizations to ensure business and IT audits can be signed off by the CTO and CFO of major organizations.  And, the CTO and CFO don't want surprises so they have funded projects and purchased solutions to ensure they stay in compliance ---No Surprises!

At Oracle, meeting these challenging problems with innovation is the name of the game.  At the same time, we strive to provide the most complete solutions based on standards for our customers.  This is why we are excited about our event next week.  At this webinar we are taking a "Giant Leap Forward In Identity Management".  Amit Jasuja, Vice President of Identity Management and Security at Oracle, will be sharing the latest news from Oracle on why we believe we are uniquely positioned to solve these business problems for the best organizations on the planet.  Register Today for this exciting event.

Webinar Registration
Wednesday, July 21, 2010
10:00am PDT, 1:00 EDT, 7:00pm CET
Register here

About

Sharing 12 years of technology experience as developer, product and program manager, and marketing director. Identity Management, Security, and Product Management issues occupy my mind during the working day. Water Polo keeps me healthy.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today