1
Identity Management Best Practices
Business level overview of Oracle IdM
Katerina Kalimeri, Senior Sales Consultant, Oracle Hellas
Prepared by X68833
2
Agenda
- IDM Defined
- Business Drivers for Complete Security
- Key Elements of Identity Management
- Oracle Approach to Identity Management
- Oracle Work
- Summary
4
What is Identity Management? Securing your IT assets from within
- Management of digital identities through their complete lifecycle
  - Identity life cycle: join / move / leave (employee hire -> promotion -> departure)
- Securing access to applications and information
  - Authentication: proving you are who you say you are
  - Authorization: what you have access to, when, where
- Scalable and available storage of identity information
  - Profile: roles and attributes about you

Identity Management is fundamentally about securing access to your organization’s information assets from within the enterprise. At its core this is the efficient management of typically thousands of user accounts across hundreds of applications, from the time the accounts are created through their complete lifecycle, including role changes and termination. Identity Management has three fundamental components: authentication, which verifies who you are (a username and password in most cases); authorization, which defines policies for what data and resources a user may access; and profile, the attributes about you such as name, title, role, contact information and group memberships.
6
Today’s Business Challenges
- Sustainable and efficient compliance
- Fool-proof security
- Operational efficiencies

Businesses today face many challenges, and Identity Management is key to addressing three of them. Sustainable and efficient compliance: meeting increased regulatory requirements with a long term strategy, and doing so efficiently, is a key issue for any public company today. Compliance doesn’t have to be difficult or expensive; we’ll show how Identity Management can help. Fool-proof security: it is no surprise that security compromises and attacks are on the rise. Identity Management provides a foundation for securing your organization’s most valuable assets by strictly controlling access to systems, information and applications. Operational efficiencies: managing tens of thousands of user accounts scattered across hundreds of applications can be daunting and expensive. Identity Management helps streamline these costs by centralizing key functions and leveraging them throughout the enterprise.
7
Challenge: Expanding Regulatory Requirements
- Americas: HIPAA; FDA CFR 21 Part 11; OMB Circular A-123; SEC and DoD Records Retention; USA PATRIOT Act; Gramm-Leach-Bliley Act; Federal Sentencing Guidelines; Foreign Corrupt Practices Act; Market Instruments 52 (Canada)
- EMEA: EU Privacy Directives; EU Electronic Signature Laws; BSI; BASEL II; PCIDSS
- APAC: J-SOX (Japan); CLERP 9: Audit Reform and Corporate Disclosure Act (Australia); Stock Exchange of Thailand Code on Corporate Governance
- Global: International Accounting Standards; Basel II (Global Banking); OECD Guidelines on Corporate Governance
8
Common Control Deficiencies
- Delays in terminating access
- Maintaining privileges over time
- Combination of user access to transactions in conflict: SOD (aka separation of powers)
- Managing access authorization is oftentimes manual (paper based or )
- Password policies not enforced across all systems
- Periodic review of user entitlements
- Proper reporting capabilities

Many of the common control deficiencies that auditors look for in a compliance audit arise when identity management is still built into each individual application and there are multiple applications to manage. Some of the most common deficiencies:
- Delay in terminating access: because there is no centralized repository and each application has its own user store, when an employee leaves or is fired it can take weeks, sometimes months, to remove their access to a system. The larger the organization, or the more applications that exist, the bigger the problem of managing all the orphan accounts.
- Built-up privileges over time: users are generally given privileges when they first join an organization, commensurate with their role and responsibilities. Over time employees change roles or get promoted, but their system access rarely changes with them, leaving them with access to applications they no longer need to do their job.
- Combination of user access to transactions in conflict: users have access to applications which are in conflict with one another from a business perspective. For example, a clerk who has rights to the AP system should not also have access to the Purchasing system, since the combination would let them create fraudulent payments.
- Manual access authorization: when an administrator manages access privileges by hand via a paper or based system, it is difficult to report on how authorization was granted, to track it, and to ensure that requests and grants follow business processes.
- Password policies not enforced across all systems: policies that determine password length and complexity, or whether an additional authentication mechanism is required, may be applied to only a few key applications (or none at all), making some applications less secure than others.
9
IdM Addresses Compliance Deficiencies
- Enforces segregation of duties
- Restricts access
- Automates access management
- Automates attestation and audit reporting
- Demonstrates controls are in place and working

Identity Management addresses a number of these common control deficiencies by providing a framework to manage users and their access rights. Specifically, Identity Management:
- Enforces segregation of duties by standardizing user access. A company wants to separate the activities and responsibilities of its employees, particularly with respect to sensitive transactions. IdM can set security policy that allows certain classes of users to access only certain systems.
- Restricts access. A company must establish and maintain tight control over user permissions, privileges and profile data in order to restrict access to data, applications, operating systems and infrastructure to authorized users only.
- Automates access management. Privileges are created, approved and issued via a workflow process that ensures all appropriate parties approve access before it is granted.
- Automates attestation and audit reporting. Regularly scheduled attestation reports for management review are produced from automatically captured audit data of historical user privileges.
- Demonstrates controls are in place and working. Audit and reporting capabilities show auditors that the system is working the way it is supposed to. This is essentially proof of compliance.
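The deficiencies from the previous slide (orphaned accounts of terminated users and the AP/Purchasing segregation-of-duties conflict) can be checked mechanically once the HR system of record and the per-application account stores are brought together, which is what the attestation reporting above relies on. The following is an added example, not code from the presentation or from any Oracle product; the HR records, application accounts, conflict pair and review date are constructed sample data.

```python
from datetime import date

# HR system of record (constructed sample): user -> (status, termination date)
HR = {
    "alice": ("active", None),
    "bob": ("terminated", date(2007, 1, 15)),
    "carol": ("active", None),
    "dave": ("terminated", date(2007, 3, 2)),
}

# Per-application account stores (constructed sample): app -> user -> entitlements
ACCOUNTS = {
    "AP": {"alice": {"approve_payment"}, "bob": {"enter_invoice"},
           "carol": {"approve_payment"}},
    "Purchasing": {"carol": {"create_po"}, "dave": {"create_po"}},
    "HRIS": {"alice": {"view_payroll"}},
}

# Toxic combinations (constructed): one person able to raise a purchase order
# and approve its payment is the AP/Purchasing conflict the slide describes.
SOD_CONFLICTS = [
    (("Purchasing", "create_po"), ("AP", "approve_payment")),
]

AS_OF = date(2007, 4, 1)  # constructed date of the periodic review


def orphaned_accounts(hr, accounts, as_of):
    """Accounts still present in an application although HR no longer lists the
    user as active, with the number of days the access has outlived termination."""
    found = []
    for app, users in accounts.items():
        for user in users:
            status, term_date = hr.get(user, ("unknown", None))
            if status != "active":
                days = (as_of - term_date).days if term_date else None
                found.append((user, app, days))
    return sorted(found)


def sod_violations(accounts, conflicts):
    """Users who hold both halves of a declared conflicting pair."""
    hits = []
    for (app_a, ent_a), (app_b, ent_b) in conflicts:
        holders_a = {u for u, e in accounts.get(app_a, {}).items() if ent_a in e}
        holders_b = {u for u, e in accounts.get(app_b, {}).items() if ent_b in e}
        for user in sorted(holders_a & holders_b):
            hits.append((user, (app_a, ent_a), (app_b, ent_b)))
    return hits


def attestation_report(hr, accounts, conflicts, as_of):
    """Summary a business owner would sign off during periodic entitlement review."""
    orphans = orphaned_accounts(hr, accounts, as_of)
    sod = sod_violations(accounts, conflicts)
    return {
        "accounts_reviewed": sum(len(users) for users in accounts.values()),
        "orphaned_accounts": orphans,
        "sod_violations": sod,
        "clean": not orphans and not sod,
    }


if __name__ == "__main__":
    for key, value in attestation_report(HR, ACCOUNTS, SOD_CONFLICTS, AS_OF).items():
        print(f"{key}: {value}")
```

With the sample data the report flags bob and dave as orphaned (76 and 30 days after termination) and carol as holding the conflicting Purchasing and AP entitlements.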
10
Challenge: Managing Security Risks
- Majority of security breaches from within organization
- Fragmented security policies: orphaned accounts; expired access rights; lack of aggregated audit and accountability
- Leaked passwords, social engineering
- Manual provisioning requests prone to errors
- Network administrators unaware of organizational and role changes

Next we address the critical business need of securing corporate information assets, the compromise of which could lead to significant financial losses, customer defection and competitive disadvantage. Most research indicates that a majority of security breaches are initiated by someone within the organization: someone who already has access to the network and manages to acquire privileges to sensitive systems. This is usually caused by fragmented security policies scattered across the organization. Common points of vulnerability are orphaned accounts (users were terminated but their access rights were not), expired access rights (a user has collected privileges over time but they are not adjusted as the user’s role and relationship with the company change; for example, an employee who leaves a finance job to move to marketing should no longer have access to the financial systems), and lack of aggregated audit and accountability (no enterprise view of a user’s access rights and history, and no central responsibility for ensuring one). This impedes implementing rock solid security controls across the organization. Organizations also constantly face other internal threats. Leaked passwords, caused by users choosing weak passwords or writing them down on sticky notes by their computer, can lead to significant breaches. Manual handling of requests for new accounts can also lead to errors and inappropriate access rights. And finally, network administrators are often the people entrusted with managing user rights, but they have little visibility into business users’ roles and the changes that follow as those users change jobs. Identity Management can help address all of these risks (next slide).
11
IdM Strengthens Security
- Centralized security and policy management: consistent policies enforced across the enterprise; enterprise wide visibility of users, access rights and audit data
- Automated provisioning / de-provisioning: role based user provisioning and de-provisioning; automated updates triggered by user status change
- Single Sign-On, delegated administration: reduce password compromises; delegate policy administration to business owners

Identity Management helps strengthen security by centralizing security policies and their management across the enterprise. This enables consistent policy application across the organization, giving enterprise wide visibility of user accounts, what they have access to, and what they have been accessing. Automated provisioning and de-provisioning of user accounts based on a user’s role ensures that security policies are up to date at all times: as soon as a user’s role changes in an HR system (or another system of record for external users), their privileges can be updated automatically according to pre-defined rules and policies. SSO improves security by requiring users to remember only one username and password, reducing the potential for password leaks and compromises. Delegated administration allows security policies to be managed by those closest to the business applications, who are better able to manage and keep up to date the policies for their line of business.
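The role-driven join / move / leave automation described above, as an added example (not code from the presentation or from Oracle Identity Manager): a role policy maps business roles to application entitlements, and each HR status change is reconciled into the grant and revoke actions that keep the user’s access in line with their current role. The role names, applications and entitlements are constructed sample values; the move from finance to marketing is the case the previous slide uses.

```python
# Role policy (constructed sample): business role -> app -> entitlements it confers
ROLE_POLICY = {
    "finance_clerk": {"AP": {"enter_invoice"}, "Email": {"mailbox"}},
    "marketing": {"CMS": {"edit_campaign"}, "Email": {"mailbox"}},
}


def target_entitlements(role):
    """Entitlements a user in `role` should hold; no role (after a leave) means none."""
    return {app: set(ents) for app, ents in ROLE_POLICY.get(role, {}).items()}


def reconcile(current, role):
    """Diff the user's current per-app entitlements against the role's target and
    return the grant/revoke actions that bring them in line."""
    target = target_entitlements(role)
    actions = []
    for app in sorted(set(current) | set(target)):
        have, want = current.get(app, set()), target.get(app, set())
        actions += [("grant", app, e) for e in sorted(want - have)]
        actions += [("revoke", app, e) for e in sorted(have - want)]
    return actions


def apply_actions(current, actions):
    """Apply the actions to the entitlement state (per-application connectors
    would carry them out in a real deployment)."""
    state = {app: set(ents) for app, ents in current.items()}
    for verb, app, ent in actions:
        if verb == "grant":
            state.setdefault(app, set()).add(ent)
        else:
            state[app].discard(ent)
    return {app: ents for app, ents in state.items() if ents}


def process_event(current, event):
    """event is (kind, role) with kind in join/move/leave; a leave carries no role."""
    kind, role = event
    actions = reconcile(current, None if kind == "leave" else role)
    return actions, apply_actions(current, actions)


def run_lifecycle(events):
    """Walk one user through a sequence of HR events, returning the action log
    and the final entitlement state."""
    state, log = {}, []
    for event in events:
        actions, state = process_event(state, event)
        log.append((event[0], actions))
    return log, state


if __name__ == "__main__":
    log, final = run_lifecycle([("join", "finance_clerk"), ("move", "marketing"), ("leave", None)])
    for kind, actions in log:
        print(kind, actions)
    print("final state:", final)
```

The move event revokes the AP entitlement at the same moment it grants the marketing one, which is the privilege build-up the manual process leaves behind; the leave event empties every application account.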
12
Challenge: Operational Efficiencies
- Administrative costs: administering access for tens of thousands of users; overwhelming volume of help desk calls; manual provisioning of accounts for new hires; manual aggregation and cross checking of audit data
- User productivity: long wait times acquiring access to requested systems; forgotten passwords; no single password in use
- IT productivity: developers reinventing security for each app they build

Managing tens of thousands of users across hundreds of applications is a daunting task in any organization. Many of the features covered so far aid compliance and improve security in such complex environments, but there is also the challenge of the administrative cost of maintaining this large permutation of security policies.
Administrative costs: not only is managing the access rights of thousands (sometimes millions) of users a daunting task, the sheer volume and cost of answering help desk calls about simple things like forgotten passwords is significant in itself. Laborious manual processes for requesting and approving access for new users result in significant overhead. Without centralized auditing, manually aggregating audit data and cross checking it for errors, access violations and inconsistent policies is a logistical nightmare.
User productivity: when new users have to wait a week or two to get access to the systems they need, productivity is hindered unnecessarily. Users forgetting their passwords and waiting to have them reset is also a significant productivity sink; often users will try several different passwords and, failing that, stall for a few days trying to remember before resorting to the embarrassing call to the help desk to have it reset again.
IT productivity: when new applications are deployed, each often implements its own security subsystem. Not only does this result in inconsistent security policies, it is a tremendous waste of precious development resources rebuilding security into each application.
13
IdM Streamlines Operations
- Lower administrative costs: Single Sign-On, self-service password resets, password synchronization; $420/year per user cost savings via reduced help desk calls; automated and aggregated audit reporting
- Enhanced user productivity: reduce time to access systems from days to minutes; automated provisioning: $1250 per year per employee ROI (1)
- Enhanced IT productivity: developers re-use centralized security functions; accelerated application deployments; externalization of authN and authZ from applications

Identity Management streamlines operational costs significantly. So not only does IdM improve compliance and security, a must for most large organizations today, as a bonus it reduces operational costs in the process: a win-win-win for IT and their business counterparts. Some of the efficiencies IdM can help realize:
Lower administrative costs: with automated features such as single sign-on, self-service password resets (users reset their own passwords over the web without calling a help desk) and automated auditing and reporting, typical enterprises can save millions of dollars a year. For example, one of our customers, a popular discount airline, was about to realize $420 per user per year in cost savings simply by reducing the number of help desk calls about password related issues.
Enhanced user productivity: in addition to lowering costs, other soft benefits cannot be underestimated. Customers have been able to reduce the time it takes to give access to new users from days to minutes. According to Burton Group, automated provisioning alone yields an ROI of $1250 per user per year. Multiply these figures by tens of thousands of users and the cost savings and ROI per year for a typical enterprise are phenomenal.
IT productivity: finally, by centralizing security functions and making them available as reusable components for developers, applications can be deployed much faster and with lower development costs.
(1) Burton Group Report, August 2004
15
Identity & Access Management
- Access Control: Strong Authentication & Authorization; Risk Based Access Control; Single Sign-On; Federation; Web Services Security
- Identity Administration: Identity & Organization Lifecycle Administration; Enterprise Role Management; Provisioning & Reconciliation; Compliance Automation
- Directory Services: Virtualization; Synchronization; Storage
- Audit & Compliance: Audit Data; Attestation; Fraud Detection; Segregation of Duties; Controls
- Management: Service Levels; Risk Analysis; Forensics; Configuration; Performance; Automation
17
30 Years of Security Leadership
Oracle Strategy: Acquisitions & Organic Growth
Timeline, 1977 to 2007 (most recent first):
- Bridgestream (Fall 2007, IdM acquisition)
- Audit Vault (Spring 2007)
- Database Vault
- Content DB, Records DB
- Secure Enterprise Search
- Thor & Octet String (IdM acquisitions)
- Phaos, Oblix (IdM acquisitions)
- Database CC Security Eval #18 (10g R1)
- Transparent Data Encryption
- VPD Column Security Policies
- Fine Grained Auditing (9i)
- 1st Database Common Criteria evaluation (EAL4)
- Oracle Label Security ( )
- Virtual Private Database (1998)
- Enterprise User Security (8i)
- Database Encryption API
- Kerberos Support (8i)
- Support for PKI
- Radius Authentication
- Network Encryption (Oracle7); Oracle Advanced Security introduced
- First Orange Book B1 evaluation (1993); Trusted Oracle7 MLS DB
- Government customer (CIA – Project Oracle)

I like to show this slide to let customers know that Oracle has been working in the security space pretty much since day one. The very first Oracle customers were in the government space, and this close working relationship with customers has enabled Oracle to stay at the forefront of database security technology. As you can see, we’ve delivered a great deal of technology over the years. Just recently we completed our 18th independent evaluation of the Oracle database, under the Common Criteria at EAL4. Some of you may notice a few new things in the upper right hand corner; I’ll talk more about those later in the presentation.
18
Oracle IAM Products
- Access Control: Oracle Access Manager; Oracle Adaptive Access Manager; Oracle ESSO; Oracle Identity Federation; Oracle WSM
- Identity Administration: Oracle Identity Manager; Oracle Enterprise Role Manager
- Directory Services: Oracle Virtual Directory; Oracle Internet Directory (with Directory Integration Platform)
- Audit & Compliance: Oracle Identity & Access Management Suite
- Management: Oracle Enterprise Manager for Identity Management
19
Leader in Magic Quadrants
- User Provisioning, 2H 2007
- Web Access Management, 2H 2006

Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
21
Case Study – Royal Bank of Scotland (RBS)
BUSINESS CHALLENGE
- Looking to automate provisioning & role management, mapping business roles to IT roles
- Adding job-driven, position-driven, team-driven and scoped roles to the role model
- Meet compliance requirements and mitigate risk
ORACLE SOLUTION
- Oracle Identity Manager and Oracle Enterprise Role Manager chosen in May 2006
- 140,000 internal users, plus 10 connectors
- POC performance and reference meetings were key differentiators
RESULTS
- Expect to meet compliance and audit requirements, both regulatory and internal
- Dramatic improvement in accuracy via automation and workflow
- Lower cost and improved security by enabling business units to manage role grants without compromising security policy
22
Case Study – Pfizer
BUSINESS CHALLENGE
- Wanted a portal which allows end users to determine what form of credential they would like to use to authenticate
- Needed the ability to enforce stronger authentication based on the sensitivity of the data being accessed
- Needed a centralized security service
- Needed zero downtime
ORACLE SOLUTION
- Oracle Access Manager and Oracle Virtual Directory are key components of Pfizer’s Identity and Access Management infrastructure
RESULTS
- Built a security platform that allows new users to access Pfizer applications based on their existing authentication factors, lowering the cost of doing business with Pfizer
- SSO gives end users a stronger, unique authentication method for all applications, increasing security by doing away with sticky-note syndrome
23
Case Study – BAMF
BUSINESS CHALLENGE
- A complex IT environment consisting of multiple data stores
- Need for delegated administration and group management for their applications
- Need for password sync from Active Directory to several OID data stores
- Governance compliance
ORACLE SOLUTION
- Oracle Access Manager and Identity Manager for 10,000 external and 2,000 internal users
- Identity Manager allows delegated management of identities and password sync (e.g. with MS AD)
RESULTS
- Reduced administration costs and improved user experience around password management
- Efficient account creation and cancellation
- Password sync between OID, AD (leading directory) and Oracle database
- Web Single Sign-On with Application Express apps and J2EE apps
25
IDM the Oracle way… “Holistic” approach with Oracle IAM Suite
- Staged model for fast results
- Externalized to be used across systems and applications
- Value adding strategic partners
- Evolve to remain ahead of pace
- Support for life
26
Q & A