Strategies for Reducing Access Controls Risk
Upcoming SlideShare
Loading in...5
×
 

Strategies for Reducing Access Controls Risk

on

  • 603 views

Oracle Identity Analytics will help you to reduce the risk associated with Access Control identity information and it\’s life-cycle.

Oracle Identity Analytics will help you to reduce the risk associated with Access Control identity information and it\’s life-cycle.

Statistics

Views

Total Views
603
Views on SlideShare
599
Embed Views
4

Actions

Likes
0
Downloads
1
Comments
0

1 Embed 4

http://www.linkedin.com 4

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Strategies for Reducing Access Controls Risk Strategies for Reducing Access Controls Risk Presentation Transcript

  • <Insert Picture Here>Smart Strategies for Reducing Risk and ImprovingComplianceArtur AlvesSolution ArchitectOracle Portugalartur.alves@oracle.com
  • The following is intended to outline our generalproduct direction. It is intended for informationpurposes only, and may not be incorporated into anycontract. It is not a commitment to deliver anymaterial, code, or functionality, and should not berelied upon in making purchasing decisions.The development, release, and timing of anyfeatures or functionality described for Oracle’sproducts remains at the sole discretion of Oracle. Copyright © 2011, Oracle. Proprietary
  • Agenda <Insert Picture Here>● Factors increasing risk● Strategies for reducing risk● Demo● Case Studies Copyright © 2011, Oracle. Proprietary
  • Video – Too Much Information Copyright © 2011, Oracle. Proprietary
  • What Is Increasing Risk? Dynamic User Application Complex Population Explosion Regulatory Environment Corporate user  IT spending on SaaS  Regulations are increasing population is apps projected to world-wide increasingly mobile increase 5x in 2011*  40% of IT budget is spent 85% of all mobile  25 billion app on addressing compliance devices are downloads projected mandates* unsecured by IT* for 2011** Malicious Mobile Threats Report, * IDC, Dec 2010 * Forrester Consulting, 2010 Juniper Networks 2011 Copyright © 2011, Oracle. Proprietary
  • Strategies for Reducing Risk andImproving Compliance Analyze Your Risks Prioritize Based on Economics and Impact Create a Sustainable Program Copyright © 2011, Oracle. Proprietary
  • Risk Score Is Your Priority Share Last RiskUser Job Role RACF Siebel CRM Point Login Score  Manage Excess  Access Sep 5 John Product Customer Dev 2011 at 95 Doe Manager Access  Manage Specs 9am EST Opportunity  Manage Jan 12, SoD Customer Jim  Change 2000 at Sales Rep Violation  Manage 97 Harris Pricing 10am Opportunity PDT  Manage Sep 5 Customer Excess 2011 at Steve  Manage HR Manager 10am 98 Brown Access Opportunity EST from Nigeria Copyright © 2011, Oracle. Proprietary
  • Video – Audit Eye Copyright © 2011, Oracle. Proprietary
  • Prioritize based on economics and impactConsolidate Automate Define Assign Access Monitor & Enforce& Correlate Identity-based Enterprise via Roles via RolesEntitlements Controls Roles Role-based Provisioning Role Administration & Governance Access Build CertificationIdty Warehouse & SoD Activity Monitoring & Entitlements Management Copyright © 2011, Oracle. Proprietary
  • Solution: Create a Sustainable Program Share Last RiskUser Job Role RACF Siebel CRM Point Login Score  Manage Disable  Access Sep 5 John Product Customer Dev 2011 at 95 Doe Manager Access  Manage Specs 9am EST Opportunity  Manage Jan 12, Closed Loop Customer Jim  Change 2000 at Sales Rep Remediation  Manage 97 Harris Pricing 10am Opportunity PDT  Manage Sep 5 Customer Disable 2011 at Steve  Manage HR Manager 10am 98 Brown Access Opportunity EST from Nigeria Copyright © 2011, Oracle. Proprietary
  • Oracle Identity Analytics 11g Rapid and Sustainable Compliance Automation Identity/Access Role Governance Data Sources Oracle Identity Identity IT Audit Policy Monitoring Manager Warehouse Access Certification Oracle Access Manager Compliance Command Console• Compliance Command Console • Actionable Dashboards, Business Reports & Comprehensive Analytics• Accelerated and Sustainable Compliance Automation • Access Certification, IT Audit Policy Monitoring, Closed-loop Remediation, SoD Engine• Intelligent Role Governance • Change Management, Attestation, Consolidation & Audit, Role Mining, Identity Cleansing• Rich Identity Warehouse • Optimized for Analysis, Mining, Correlation, Reporting on Identity, Access and Policy Data Copyright © 2011, Oracle. Proprietary
  • DemoOracle Identity Analytics Copyright © 2011, Oracle. Proprietary
  • Access Certification Flow Oracle Identity Analytics Set Up Automated Action Report Built1 Periodic Review 2 Reviewer Is Notified Goes to Self Service 3 is taken based on Periodic Review 4 And Results Stored in DB Reviewer Selections Email Result What Is Certify to User Reviewed? Automatically Reject Terminate UserWho Reviews Decline Notify theIt? Process Owner Archive (Audit) Delegate Notify Delegated Attested Data Reviewer Attestation ActionsStart When? Delegation PathsHow Often? Comments Copyright © 2011, Oracle. Proprietary
  • Closed-Loop ProvisioningOracle Identity Analytics + Oracle Identity Manager Identity Oracle Identity Warehouse Analytics Roles SoD Checks Entitlement Rules Resource Data Entitlements Data Oracle Identity Manager Enterprise Applications Custom Apps GRANT or REVOKE Databases and LDAP Mainframes • User provisioning and de-provisioning (after Certification) • Password reset & self-service account requests • Delegated administration • Approval and request workflow • Compliance reports Copyright © 2011, Oracle. Proprietary
  • Case Study: Accelerating ROI Financial Services ExampleCOMPANY OVERVIEW RESULTS• A global bank with HQ in Europe, presence in NA, • 3.8M actions reduced to 26K Asia and Emerging Markets • Annual cost reduction = Euro 3.7M• Over 90K employees, > 1000 apps, 500 DBs, 6000 servers, and 1.1 M user accounts • 90% app SOX certification complete in 1 week, 100% in 2CHALLENGES/OPPORTUNITIES months. SOX compliant!• SOX Compliance a challenge with over 3.8M actions • 3 month manual process now takes• Complex feed from multiple platforms – UNIX, Wintel, <2 weeks DBsSOLUTION• Implemented Oracle Identity Analytics (formerly Sun Role Manager) Copyright © 2011, Oracle. Proprietary
  • Copyright © 2011, Oracle. Proprietary
  • 18 | © 2011 Oracle Corporation – Proprietary and Confidential