Your SlideShare is downloading. ×
  • Like
IDM Mobile Security Overview
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

IDM Mobile Security Overview

  • 531 views
Published

 

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
531
On SlideShare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
33
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Innovating for a Secure Mobile Extended Enterprise Andy Smith Sr Director Product Management Feb 2014
  • 2. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Oracle Confidential – Do Not Distribute 2
  • 3. THE NEW PERIMETER THE NETWORK IS NO LONGER THE POINT OF CONTROL DATA PEOPLE Unstructured & Structured Employees, Contractors Costumers & Partners DEVICES Phones, Servers, Laptops, Tablets Oracle Confidential – Do Not Distribute 3
  • 4. Mobile Usage in the Enterprise Driven by IT Consumerization % 89 % 67 Mobile devices already connect to corporate networks Use tablets to work remotely 65% use to check email % 80 By 2015, mobile app development projects will outnumber native PC projects by 4-to-1 Source: Forbes: Mobile Business Statistics For 2012 Oracle Confidential – Do Not Distribute 4
  • 5. Mobility Is A Significant Challenge for I.T. Bring Your Own Device (BYOD) Practices in 2011 74% Allow some sort of BYOD usage. 74% 10% Less than 10% “FULLY AWARE” of the devices accessing their network Forbes: Mobile Business Statistics For 2012 Top Mobility Challenges for CIOs Securing corporate information 41% Integrating with other systems 31% Supporting multiple devices 28% CIO Insight: Top Challenges of Enterprise Mobility, 2012 Oracle Confidential – Do Not Distribute Mobility is Expensive 41% CIOs cited Mobility is expensive & a critical challenge Up to$250 per device/ annually Includes cost of connectivity, infrastructure and support McKinsey, 2012: Mobility Disruption: A CIO Perspective 5
  • 6. Security leads enterprise buying demand Oracle Confidential – Do Not Distribute 6
  • 7. 10% Store Passwords in Plain Text % 58 % 35 % 76 Building mobile application stores Reported lost or stolen devices Store credentials on the device Source: Partnerpedia Survey Aug 2011 Source: Norton Cybercrime 2012 Oracle Confidential – Do Not Distribute Source: Information week Aug 2011 7
  • 8. DEFINING Mobile Security Mobile Application Management Mobile Device Management Mobile Security Mobile Enterprise Application Platform Secure Application Access Oracle Confidential – Do Not Distribute 8
  • 9. How To Secure Corporate Data In A BYOD World? Mobile Application Management: Create a secure container that separates corporate data and apps from personal Oracle Confidential – Do Not Distribute 9
  • 10. Oracle’s STRATEGY APPLICATIONS CRM MOBILE PLATFORM MOBILE SECURITY ERP MOBILE SUITE 10 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – Do Not Distribute 10
  • 11. Today’s Identity Management – 11gR2 PS2 Secure REST API’s SSO, OAuth, Federation Device Security, Strong Auth Access Management Secure Mobile APIs, SSO and Web Services  For the API Economy  Extend existing IDM infrastructure • NEW: 2 Factor Auth, Mobile SSO, Oauth  Develop secure consumer facing bespoke applications • Web, Native and Hybrid applications API Management Transformation API Monitoring  iOS and Android SDKs Oracle Confidential – Do Not Distribute 11
  • 12. Oracle’s STRATEGY CONTAINER Isolate corporate data, support remote wipe, restrict data transfer CONTROL EXPERIENCE Role based access, self Secure applications & communication, corporate service request, sign-on, fraud detection application store MOBILE SECURITY SUITE 12 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Oracle Confidential – Do Not Distribute 12
  • 13. THE NEW IDENTITY MANAGEMENT OPEN, INTEGRATED, BEST OF BREED DIRECTORY SERVICES ACCESS MANAGEMENT IDENTITY GOVERNANCE To Handle 100s of Millions of Users Supporting Mobile, Social and Cloud With BYOD Support Oracle Confidential – Do Not Distribute 13
  • 14. Oracle Mobile Security Addressing Customer Requirements for Mobile Security • Mobile Security Suite that can extend the Oracle IDM platform • Separate personal and corporate apps and data • Application centric solution – avoid device lockdown • Extend Identity Management platform to manage the lifecycle of applications and containers • Extend Access Management platform to mobile devices and applications • Oracle/ADF Mobile Apps secure-by-default by consuming these security services Oracle Confidential – Do Not Distribute 14
  • 15. Oracle Mobile Solution Secure Mobile Workspace - Separate personal and corporate data Secure Intranet Authentication / SSO Secure Mail Data at Rest Encryption Data in Transit Encryption Browser PIM (email, calendar, contacts, tasks, notes) Secure Files Doc Editor File Manager Secure Apps Enterprise Apps DLP Policy App Distribution Oracle Confidential – Do Not Distribute App Catalog 15
  • 16. Native App Protection Delegated security model with app containerization • App Containerization adds security layer for bespoke and COTs apps after development • Decouple security deployment & app development • Injection-based approach. No SDK. • SSO, secure access and DLP enforcement Oracle Confidential – Do Not Distribute 16
  • 17. Secure access with App Tunnel No VPN Required • • • • Identity and remote access coupled Prevent rogue apps Access to internal network only for white-listed apps Unlike IPSEC, no CPU and network overhead Oracle Confidential – Do Not Distribute 17
  • 18. Oracle Identity Management Extending the Platform with a Discreet Mobile Security Solution Identity Governance Access Management Web Single Sign-on Approval Workflows Federation Automated Provisioning Social Identity Access HR Reconciliation Externalized Authorizations Access Certification and SOD SOA and API Security Role Lifecycle Management Integrated ESSO Privileged Account Management Token Services User Management & Self Service Mobile App Access Management Entitlement Catalogue/App Store Secure Mobile Gateway Device and Container Management Secure Container Oracle Confidential – Do Not Distribute System Management and Monitoring Directory Services LDAP Storage/ Virtual/ Meta Directory Device Store Mobile Security Access Request Management 18
  • 19. Oracle Mobile Security Suite Steady State Architecture Corporate Network HTTP/REST/SOAP/OAUTH Corporate DMZ Oracle API Gateway REST/Mobile Security OAM Protected Resources Oracle Access Manager With Mobile & Social Oracle Identity Governance with Mobile Application Mgmt Device & Policy Registry (OID/OUD) Oracle Mobile Access Server App Tunnel Apple/Google Push Notification SOAP/REST and Legacy Web Services Oracle Confidential – Do Not Distribute 19
  • 20. IDENTITY FOR THE EXTENDED ENTERPRISE A PLATFORM FOR ENTERPRISE, CLOUD & MOBILE One Identity Platform Oracle Oracle Confidential Confidential – Do Not Distribute 20
  • 21. New: Oracle Identity Management Mobile Application Security Enabling Cloud API Economy Cloud Identity Services • Separating and managing corporate apps/data on Mobile devices • Secure API management • Seamless SSO for mobile bespoke applications • OAuth 2.0 Server support • Cloud Access Portal • Core Identity Services Rapidly Available as a Managed Service • Unstructured Data Protection with OES • Web services-based Cloud connectors Oracle Confidential – Do Not Distribute Enterprise Identity Services • Modernized access request and certification • Session recording for shared accounts • Consistent governance for cloud, mobile and enterprise applications 21
  • 22. Questions Oracle Confidential – Do Not Distribute 22
  • 23. Oracle Confidential – Do Not Distribute 23