Identity and Security

Security in Person

Oracle Identity Management solutions secure sensitive applications and data on premises and in the cloud.

By Philip J. Gill

January/February 2015

In today’s digital world, companies are an electronic web of interlocking, ongoing, and highly flexible relationships among employees, consultants, contractors, business partners, and customers. Binding these various constituencies together is an internet that is moving beyond desktop-centric, browser-based connections.

“The world in which we use browser-based applications to access corporate applications and data is rapidly giving way to one in which we use mobile apps running on an ever-increasing variety of devices to access corporate data and resources through wireless connections, social networks, and the cloud,” says Amit Jasuja, senior vice president of product development for Java, mobile security, and identity management at Oracle. “These changes have dramatically altered how companies need to think about security and identity management.”

Companies today expect identity management systems not only to support mobile devices, social networks, and the cloud but also to provide a single point of access and control, application-level security, tight integration with enterprise applications and management tools, and more—all while reducing costs and improving operational efficiency. For these reasons, companies are turning to the Oracle Identity Management platform.

A Unified Workforce

At Vodafone Group, the world’s second-largest telecommunications company, the first step in adapting to the mobile, social, and cloud evolution was to unite corporate identity and access management. Headquartered in London, England, Vodafone operates in 26 countries and has partners in 52 more, providing telecom services to 436 million customers.

Vodafone, like many global businesses today, defines workforce quite broadly. “We think of our workforce as including not just internal employees but also contractors, consultants, business partners, vendors, and their employees,” explains Nick Tuffs, principal delivery manager for the Workforce Identity and Access Management (WIAM) Programme in Vodafone Technology Security. “They are not all direct Vodafone employees, but they need access to Vodafone systems to sell our products and deliver services to our customers.”

Although Vodafone has been using identity management technology for more than 10 years, Tuffs explains, its capabilities were initially limited and its technologies and processes were as diverse and sprawling as its global operations. “Every local market had its own identity management system as well as its own local LDAP [Lightweight Directory Access Protocol] directory in which everybody could see everybody else’s phone number,” says Tuffs.

Vodafone needed a global identity management solution that could support a large workforce of different users in different roles. “We decided to standardize identity and access management for our global processes using Oracle technology,” Tuffs says.

Vodafone Group
Location: London, England
Industry: Communications
Employees: 89,100
Oracle Products: Oracle Identity Manager 11g, Oracle Access Manager 11g, Oracle Identity Federation 11g, Oracle Virtual Directory 11g, Oracle Unified Directory 11g, Oracle Service Bus 11g, Oracle Business Intelligence 11g, Oracle Data Integrator 11g, Oracle SOA Suite 11g

Electrabel GDF Suez
Location: Brussels, Belgium
Industry: Energy
Employees: 236,120 (GDF Suez)
Revenue: €90.7 billion (GDF Suez)
Oracle Products: Oracle Access Manager 11g, Oracle Database 11g, Oracle Unified Directory 11g

The first step in this standardization was to connect local directories to a global LDAP directory, and that global directory provided the backbone for the global identity management platform.

“A couple of global enterprise applications were built that utilized the global LDAP directory and required identity and access management features,” Tuffs says. “We started with the integration of our Oracle identity and access management platform with global systems for active directory, HR, finance, and supply chain, which allowed us to deliver business functions more efficiently, reduce costs, and also manage security threats through access controls.”

A Common Portal

As part of its transformation agenda, Vodafone chose to upgrade to the latest Oracle Identity Management 11g solutions, including Oracle Identity Manager and Oracle Access Manager, and to combine them with other Oracle Fusion Middleware solutions, including Oracle Service Bus, Oracle Data Integrator, and Oracle Business Intelligence, to meet evolving business and security requirements. The modular, enterprise-class Oracle architecture enabled Vodafone to carry out multiple activities in parallel, for example integrating a target application and a data source at the same time. This helped the company meet challenging integration targets and timeframes while improving and standardizing global security technology and processes.

Vodafone’s requirements for identity access management also drove the company to develop an identity management portal solution. “There was a need for an ‘enterprise-class’ identity management portal that worked on a global level to manage people’s access across the entire workforce to all these global and local applications,” Tuffs says.

At the heart of Vodafone’s identity management portal—the WIAM portal—is Oracle Identity Manager, which provides a single point of entry through a Vodafone-branded user interface. All user identities from around the world must first be registered through Oracle Identity Manager, explains Tuffs, before users can request access to applications they need.

“We are using many components of Oracle Fusion Middleware and wrapping them around Oracle Identity Manager to make the WIAM portal scalable and flexible,” says Tuffs. “This solution meets our needs not just for security, but also integration, workflow, user experience, and reporting.”

The primary benefit the WIAM portal provides is the control of access to critical systems required within a complex and diverse organization like Vodafone, says Tuffs. “To provide access to Vodafone systems to not only our employees but also non-employees outside the organization, we now use WIAM to manage people’s access, to remove people’s access, to ensure that they can only see what they need to see, and to protect our customers’ data held in the systems users are accessing.”

A secondary benefit is the transformation and standardization of the technology and processes at Vodafone. “By standardizing our technology and processes on Oracle Identity Management, we are delivering operational efficiencies as well as an improved user experience,” says Tuffs.

So far, says Tuffs, Vodafone’s WIAM program has reduced operating costs, cut the time to integrate a standard application by more than half and data integration time by a third, and reduced access provisioning time to just one day in most cases.

Empowering Customers

Electrabel GDF Suez, the largest supplier of electricity and gas in Belgium, is counting on identity management to help it reach out to millions of its residential customers to reduce energy consumption.

Electrabel, based in Brussels, Belgium, is the local operating unit and brand name of GDF Suez S.A., the world’s largest energy company. Until the early 2000s, Electrabel was a monopoly provider of electricity and gas and the sole operator of the power grid in Belgium, says Paul Van Nieuwenhuyze, service manager, marketing and sales central delivery, for Branch Energy Europe at Electrabel GDF Suez. Then came market liberalization and the loss of the company’s monopoly status. For the first time, Electrabel faced the prospect of having to compete for customers.

“Liberalization has completely changed our business model,” says Van Nieuwenhuyze. “Right now we’re helping our customers use as little energy as possible. That was not the case before: the more you consumed, the more important you were as a customer.

“To help customers consume less, you have to have the right tools in place,” Van Nieuwenhuyze continues. “We are focused on providing cloud and mobile solutions so that our customers can follow their own energy consumption and take actions to reduce it.”

One of those tools is a mobile app, available for iOS and Android devices, that allows residential consumers to monitor and control the energy consumption in their home. This app connects to a service provider that monitors energy consumption and communicates that information to Electrabel and consumers on their iPhones, iPads, and Android devices. With that information literally in their hands, consumers can take action to lower their energy consumption, such as turning down the thermostats in their homes. And many Electrabel customers are interested in using the company’s mobile app to access sensitive personal and account data.

“This makes our security process more and more important and also more and more complex,” says Van Nieuwenhuyze. “If a customer wants to change his contract information online, for instance,” he adds, “we need to make sure that the person on the other end is who they say they are, and that they only have access to their information and no one else’s.”

Security Layer

With the opening of its market to competition, Electrabel realized that it needed to transform not only its business model but also its internal IT architecture to enable a new competitive stance. For that reason, the company has moved to a service-oriented architecture (SOA) to help its business be more responsive, flexible, and secure.

An integral part of its new SOA is a loosely coupled security layer provided by Oracle Access Manager, says Van Nieuwenhuyze. He calls Oracle Access Manager “the right choice” for the company’s new SOA, because it has built-in support for mobile devices, social networking, and cloud computing.

“Oracle Access Manager provides the security support layer through which every request passes,” says Van Nieuwenhuyze. “It provides a single point of entry where we can control things, and that’s important.”

Oracle Access Manager supports identity federation. “If you’re a customer, you can use the corporate credentials you already have to access a cloud service,” Van Nieuwenhuyze explains.

And in the future, many Electrabel IT projects will involve security and cooperation.

“In the coming years, a significant number of our IT projects will be integration projects,” concludes Van Nieuwenhuyze. “Strong governance solutions and collaboration with all our internal and external partners will be key.”

Big and Getting Bigger

No doubt about it, mobile device and mobile device app use are big and are only going to get bigger. That has serious ramifications for corporate data security and identity management, says Amit Jasuja, senior vice president of product development for Java, mobile security, and identity management at Oracle.

“Over the last couple of years, mobile has become the de facto standard for access and applications,” says Jasuja. “Some research says that 80 percent of application access in 2017 will be from mobile devices, and more than 50 percent of the money a CIO spends will be going to enable mobile applications and mobile access to applications.”

In this new environment, browser-based single sign-on from desktops and laptops is being replaced by mobile devices running many small individual apps, each of which has to have its own security and identity management capabilities.

“Mobile devices are all about mobile apps,” says Jasuja. “And those mobile apps are now sitting on somebody’s personal device, and a company needs to provide security on a personal device that is also being used for corporate network access.”

To enforce security policies, some companies are turning to “containerization” of mobile apps. “Containerization is a new term that means people are managing a corporate asset within its secure container,” says Jasuja. “That container is where corporate-level security is enforced: What is the password strength? How often do you need to change passwords? How is your data stored? Is cut, copy, paste allowed for applications within the corporate container?”

The newest release of Oracle Identity Management, Oracle Identity Management 11g Release 2 PS2, helps address these and other security concerns. It includes its own software development kit (SDK) so that users can develop secure mobile apps. “The SDK, available native for both iOS and Android devices, provides a security layer for mobile apps that is built in from the start, not added as an afterthought,” says Jasuja.

Photography by Luana Azevedo, Unsplash