Monday Oct 18, 2010

Security Breech at University Leads to Questions About Fraud Prevention

There are several news articles in today's press that remind us all of the damage and cost of not having the right security defenses in place. A study by the National Fraud Authority as reported in The Register claims that the UK loses $4.13B to Identity Fraud each year. According to the report the average theft results in $1530 in benefit to the thief. In these tough economic times, this is a dramatic drain on scarce resources and should underline why business should ensure they have the right fraud prevention and access management strategy in place to protect their customers.

The second article has to do with the recent breech at the University of North Florida had a breech which compromised over 100 thousand identities. Universities continue to struggle with identity security with a number of breeches over the last 5 years which have hit the headlines. The University has unique challenges with the number of students/identities that turn-over year quarter or semester. In some cases this is close to 25% per quarter or year. In addition, the students in some computer labs are inquisitive and experimenting with the latest hacks challenging even the toughest security measures. Ask any Network Admin at a major university about application and network security and you will hear some amazing stories. In some cases, way more exciting than corporate network security. However, this is a side-topic for another blog entry sometime.

The key to ensuring that you have the right level of protection is adding an additional layer of security and Oracle Adaptive Access Manager is a great solution for this purpose. Ensuring you have tools that allow for real-time response to rules you define on access helps prevent unauthorized access to applications and network resources. In addition, you can use features like One-Time Password to layer authentication security on key resources to ensure you combine something you know with something you have to improve security. Here is a quick intro to how Oracle Adaptive Access Manager can help.

Thursday Aug 26, 2010

Free Webinar Today: Simplify Access Management with F5 & Oracle

On Thursday, August 26.  We are hosting a webcast that will take you through the solution and talk about why we believe this will simplify Access Management.  Please join us as F5 and Oracle product experts explain this simple solution.

Title: Live Webcast: Streamline Access Management with F5 & Oracle

When:  Thursday, August 26, 2010, 10:00 a.m. PT or 1:00 p.m. ET

Where: Register for this live webcast here: Streamline Access Management with F5 & Oracle

Thursday Aug 19, 2010

Free Webinar: Simplifying Access Management with F5 & Oracle Aug. 26. 10:00am

Security is hard!  However, the tools that you use to protect your identities should not be. 

Security is hard because of a number of specific environmental, economic and business driven reasons.  One, the threat vectors are growing at exponential rates.  This is driven by the fact that the financial rewards for exploiting data and information are increasing globally.  Whether the data is stolen identities, pricing information for the new release of a product. fraud on internal or external purchases or any of the other 1000 different nefarious threat vectors, businesses and consumers need to be protected.

Two, the number of identities, devices and service providers is also increasing.  The internet is the way we do business globally.  It is the path to which our customers purchase, partners exchange data, and business provide services within their network.  And, at the heart of every exchange of data is an identity.  This identity has critical attributes about an individual that drive the appropriate access to information and services. 

Three, organizations are under increasing regulatory pressure.  Whether it is SOX, FERPA, HIPPA, JSOX, etc. there are access management controls that must be in place to ensure the CFO, CTO and CEO can sign the compliance documents necessary to manage risk in their business. 

This is a complex environment.  Why do the tools that we use to manage access and security within our organization have to be equally complex.  This is why F5 and Oracle have been working together to bring a solution which simplifies access management.  The Big IP Solution is a great way for organizations to simplify access management.  Whether they are integrating multiple Single-Sign-On products with Oracle Access Manager or using this appliance to simplify their IT infrastructure.  The result is faster time to market, faster time to deployment and faster time to security. 

On Thursday, August 26.  We are hosting a webcast that will take you through the solution and talk about why we believe this will simplify Access Management.  Please join us as F5 and Oracle product experts explain this simple solution.

Title: Live Webcast: Streamline Access Management with F5 & Oracle

When:  Thursday, August 26, 2010, 10:00 a.m. PT or 1:00 p.m. ET

Where: Register for this live webcast here: Streamline Access Management with F5 & Oracle

Monday Apr 26, 2010

Iron-Clad Cloud: Secure Cloud Computing

As organizations continue to leverage the cloud for essential business applications and services the provisioning and security of identity data becomes an essential compliance requirement.  Oracle's new Security Newsletter  has an article that provides information on critical approaches to security in the cloud.

One solution to the security problem with cloud services can be overcome using Service Oriented Security.  The Oracle approach to using Service Oriented Security allows developers to pull from a centralized, authoritative source of identity services.  This allows developers to build security into every application from the inside-out.   This is critical to ensuring this is done in a standardized manner and most importantly it allows developers to develop without being security experts.

The "Iron-Clad Cloud:  Secure Cloud Computing" article in this quarter's Security Newsletter is a great place to start when looking for information on how to use these tools to improve the security for your organizations cloud services.  You will also find articles on database security and other bloggers who are sharing data about the security industry and Oracle's thought-leadership.

Friday Apr 23, 2010

New Oracle Security Newsletter

Oracle Identity and Database Security Teams have created a new Security Newsletter. The Newsletter launches this week and will be distributed to customer's who have signed up for the Newsletter via

In each edition, you'll find news, blog posts, events, webcasts, and much more covering Oracle's Security Solutions. Whether your focus is on identity management or database security, each issue will be filled with the information you need to secure your database, middleware, and applications, and meet IT compliance requirements.

In this inaugural version of the newsletter you will find content on:

You can see the entire newsletter here

Register for future versions of the newsletter by following the directions here.  You can also see samples of all the different newsletter content that is available to stay current and aware of the latest leading news from Oracle.

Tuesday Mar 04, 2008

FTC Releases Data on Identity Crimes

The FTC Released information about trends in consumer fraud for 2007.  Identity Theft leads the category for the eighth year in a row.
[Read More]

Friday Jan 25, 2008

FamFest08 Using Agile to create Demo's

This week has been a lot of fun.  I spent the week in Las Vegas with a great team of Sales Engineers, Software Engineers from Federation Access Manager and our product marketing team.  The goal of the event was to create three customer focused demo's to illustrate how Federation Access Manager can be used by our customers.  I recently moved from the xVM Ops Center team to the Access Manager product marketing team so this was my first opportunity to meet the extended team.  What a talented team.

Terry did a great job of preparing the team for the event by holding several meetings prior to arriving in Las Vegas.  The team worked on developing high-level use cases.  Once in Vegas the team gelled quickly getting to work using agile processes and programming methods to get something tangible to demo via the first day.  I have attended other events with similar objectives and they have not been as productive.  What was really impressive was the hand on nature and knowledge sharing that occurred between the three critical constituencies. The team did blow off some steam at ESPN Zone and Jay-z's new club 40/40.  Everyone left thinking "I wish I could have one of those screens for my superbowl party". 

As Pat Patterson pointed out in his blog earlier in the week here, a number of the team already blog so you can get access to the latest mindshare of the team. 

Lastly, if you are interested in hearing an interesting review of Ping Identity Daniel Raskin was able to put together a great podcast with Ping himself. 


Sharing 12 years of technology experience as developer, product and program manager, and marketing director. Identity Management, Security, and Product Management issues occupy my mind during the working day. Water Polo keeps me healthy.


« July 2016