Your SlideShare is downloading. ×
0
<Insert Picture Here>Smart Strategies for Reducing Risk and ImprovingComplianceArtur AlvesSolution ArchitectOracle Portuga...
The following is intended to outline our generalproduct direction. It is intended for informationpurposes only, and may no...
Agenda                                                           <Insert Picture Here>●    Factors increasing risk●    Str...
Video – Too Much Information           Copyright © 2011, Oracle. Proprietary
What Is Increasing Risk?    Dynamic User                             Application                         Complex     Popul...
Strategies for Reducing Risk andImproving Compliance  Analyze Your Risks  Prioritize Based on Economics and Impact  Create...
Risk Score Is Your Priority                                                       Share        Last       RiskUser      Jo...
Video – Audit Eye            Copyright © 2011, Oracle. Proprietary
Prioritize based on economics and impactConsolidate      Automate              Define                Assign Access Monitor...
Solution: Create a Sustainable Program                                                        Share        Last       Risk...
Oracle Identity Analytics 11g Rapid and Sustainable Compliance Automation          Identity/Access                        ...
DemoOracle Identity Analytics       Copyright © 2011, Oracle. Proprietary
Access Certification Flow     Oracle Identity Analytics     Set Up                                                  Automa...
Closed-Loop ProvisioningOracle Identity Analytics + Oracle Identity Manager              Identity       Oracle Identity   ...
Case Study: Accelerating ROI     Financial Services ExampleCOMPANY OVERVIEW                                               ...
Copyright © 2011, Oracle. Proprietary
18   |   © 2011 Oracle Corporation – Proprietary and Confidential
Upcoming SlideShare
Loading in...5
×

Strategies for Reducing Access Controls Risk

464

Published on

Oracle Identity Analytics will help you to reduce the risk associated with Access Control identity information and it\’s life-cycle.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
464
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Strategies for Reducing Access Controls Risk"

  1. 1. <Insert Picture Here>Smart Strategies for Reducing Risk and ImprovingComplianceArtur AlvesSolution ArchitectOracle Portugalartur.alves@oracle.com
  2. 2. The following is intended to outline our generalproduct direction. It is intended for informationpurposes only, and may not be incorporated into anycontract. It is not a commitment to deliver anymaterial, code, or functionality, and should not berelied upon in making purchasing decisions.The development, release, and timing of anyfeatures or functionality described for Oracle’sproducts remains at the sole discretion of Oracle. Copyright © 2011, Oracle. Proprietary
  3. 3. Agenda <Insert Picture Here>● Factors increasing risk● Strategies for reducing risk● Demo● Case Studies Copyright © 2011, Oracle. Proprietary
  4. 4. Video – Too Much Information Copyright © 2011, Oracle. Proprietary
  5. 5. What Is Increasing Risk? Dynamic User Application Complex Population Explosion Regulatory Environment Corporate user  IT spending on SaaS  Regulations are increasing population is apps projected to world-wide increasingly mobile increase 5x in 2011*  40% of IT budget is spent 85% of all mobile  25 billion app on addressing compliance devices are downloads projected mandates* unsecured by IT* for 2011** Malicious Mobile Threats Report, * IDC, Dec 2010 * Forrester Consulting, 2010 Juniper Networks 2011 Copyright © 2011, Oracle. Proprietary
  6. 6. Strategies for Reducing Risk andImproving Compliance Analyze Your Risks Prioritize Based on Economics and Impact Create a Sustainable Program Copyright © 2011, Oracle. Proprietary
  7. 7. Risk Score Is Your Priority Share Last RiskUser Job Role RACF Siebel CRM Point Login Score  Manage Excess  Access Sep 5 John Product Customer Dev 2011 at 95 Doe Manager Access  Manage Specs 9am EST Opportunity  Manage Jan 12, SoD Customer Jim  Change 2000 at Sales Rep Violation  Manage 97 Harris Pricing 10am Opportunity PDT  Manage Sep 5 Customer Excess 2011 at Steve  Manage HR Manager 10am 98 Brown Access Opportunity EST from Nigeria Copyright © 2011, Oracle. Proprietary
  8. 8. Video – Audit Eye Copyright © 2011, Oracle. Proprietary
  9. 9. Prioritize based on economics and impactConsolidate Automate Define Assign Access Monitor & Enforce& Correlate Identity-based Enterprise via Roles via RolesEntitlements Controls Roles Role-based Provisioning Role Administration & Governance Access Build CertificationIdty Warehouse & SoD Activity Monitoring & Entitlements Management Copyright © 2011, Oracle. Proprietary
  10. 10. Solution: Create a Sustainable Program Share Last RiskUser Job Role RACF Siebel CRM Point Login Score  Manage Disable  Access Sep 5 John Product Customer Dev 2011 at 95 Doe Manager Access  Manage Specs 9am EST Opportunity  Manage Jan 12, Closed Loop Customer Jim  Change 2000 at Sales Rep Remediation  Manage 97 Harris Pricing 10am Opportunity PDT  Manage Sep 5 Customer Disable 2011 at Steve  Manage HR Manager 10am 98 Brown Access Opportunity EST from Nigeria Copyright © 2011, Oracle. Proprietary
  11. 11. Oracle Identity Analytics 11g Rapid and Sustainable Compliance Automation Identity/Access Role Governance Data Sources Oracle Identity Identity IT Audit Policy Monitoring Manager Warehouse Access Certification Oracle Access Manager Compliance Command Console• Compliance Command Console • Actionable Dashboards, Business Reports & Comprehensive Analytics• Accelerated and Sustainable Compliance Automation • Access Certification, IT Audit Policy Monitoring, Closed-loop Remediation, SoD Engine• Intelligent Role Governance • Change Management, Attestation, Consolidation & Audit, Role Mining, Identity Cleansing• Rich Identity Warehouse • Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data Copyright © 2011, Oracle. Proprietary
  12. 12. DemoOracle Identity Analytics Copyright © 2011, Oracle. Proprietary
  13. 13. Access Certification Flow Oracle Identity Analytics Set Up Automated Action Report Built1 Periodic Review 2 Reviewer Is Notified Goes to Self Service 3 is taken based on Periodic Review 4 And Results Stored in DB Reviewer Selections Email Result What Is Certify to User Reviewed? Automatically Reject Terminate UserWho Reviews Decline Notify theIt? Process Owner Archive (Audit) Delegate Notify Delegated Attested Data Reviewer Attestation ActionsStart When? Delegation PathsHow Often? Comments Copyright © 2011, Oracle. Proprietary
  14. 14. Closed-Loop ProvisioningOracle Identity Analytics + Oracle Identity Manager Identity Oracle Identity Warehouse Analytics Roles SoD Checks Entitlement Rules Resource Data Entitlements Data Oracle Identity Manager Enterprise Applications Custom Apps GRANT or REVOKE Databases and LDAP Mainframes • User provisioning and de-provisioning (after Certification) • Password reset & self-service account requests • Delegated administration • Approval and request workflow • Compliance reports Copyright © 2011, Oracle. Proprietary
  15. 15. Case Study: Accelerating ROI Financial Services ExampleCOMPANY OVERVIEW RESULTS• A global bank with HQ in Europe, presence in NA, • 3.8M actions reduced to 26K Asia and Emerging Markets • Annual cost reduction = Euro 3.7M• Over 90K employees, > 1000 apps, 500 DBs, 6000 servers, and 1.1 M user accounts • 90% app SOX certification complete in 1 week, 100% in 2CHALLENGES/OPPORTUNITIES months. SOX compliant!• SOX Compliance a challenge with over 3.8M actions • 3 month manual process now takes• Complex feed from multiple platforms – UNIX, Wintel, <2 weeks DBsSOLUTION• Implemented Oracle Identity Analytics (formerly Sun Role Manager) Copyright © 2011, Oracle. Proprietary
  16. 16. Copyright © 2011, Oracle. Proprietary
  17. 17. 18 | © 2011 Oracle Corporation – Proprietary and Confidential
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×