Oracle 4월 20일


Published on

Published in: Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Oracle 4월 20일

  1. 1. <Insert Picture Here> Protecting Cloud Applications with Enterprise Single Sign On 임기성, Principal Sales Consultant
  2. 2. Enterprise Application GoalsFast, Secure Access To Systems and Applications isCritical To Accomplishing Your Business Objectives Operational Security & Efficiency Compliance Operating Risk Costs
  3. 3. The Business Problem• Bad password management reduces security • Weak passwords are easy to guess or hack • Strong passwords get written down and our vulnerable • Password synchronization results in “Keys to the Kingdom”• Employees Lose Productivity managing passwords • Complex userid’s and passwords are hard to remember • Employees get locked out of applications resulting in helpdesk calls• Assure GRC Policies are Met (Compliance) • HIPAA 164, PCI, SOX 404, HSPD – 12 • All Compliance initiatives are driven around • Assuring only the appropriate people have access to applications • Auditing when and by whom that application was accessed
  4. 4. Enterprise Access Challenges • Users have too many ID’s & passwords • Need Access from anywhere Sign-on• Hard to know who has • Users forget Windows access to what passwords• Secure delivery of • Strong authentication application credentials is too complex and to end users expensive to deploy
  5. 5. Cloud applications are proliferating• More services being offered in a hosted manner – CRM – Personal Productivity Products – Business Intelligence• Provide many benefits to the organization – No need to procure large and complex infrastructure – No deployment or maintenance costs associated – Provides easy access to information from anywhere
  6. 6. Drawbacks of cloud applications• Add another set of credentials for users to maintain• Securing access to those applications• Controlling access to only those who need it – Changing roles – Termination• Auditing access to the application
  7. 7. Oracle ESSO: Solves Access Challenges Cumulative # of Licenses Sold• Established track record – Passlogix Founded in 1996 – Proven history of success as Oracle OEM provider since 2006 – Oracle Acquires Passlogix in Oct 2010• Market-leading – 20 million+ licenses sold – 1,500+ enterprise customers – 10,000’s of applications – Customers with millions of employees• Patented technology – Provides fast deployment, quick ROI – 2 US patents and 7 foreign, additional pending
  8. 8. Recognized Leadership “Passlogix has been very successful early on in the IAM market with its Enterprise SSO. Passlogix [has] a solid reputation and name recognition not typically realized by a company of its size.” “Passlogix has some highly functional ESSO technology … they often pioneer in the market…” “Passlogix provides an excellent, lightweight, low maintenance SSO solution, suitable for deployments of any scale … and it is seen as a “best of breed” enterprise SSO product – the general good opinion in which it is held …” 100% of customers would buy it again 100% of customers would recommend it to a peer 100% of customers said Passlogix keeps all promises 71% ranked Passlogix as their Best or 2nd Best Vendor “The company goes around a problem .... It is far different from thinking out of the box. Its refusing to acknowledge that the box exists in the first place.”
  9. 9. Deployed by Leading Customers Financial Healthcare / Pharmaceuticals Licenses: 1.6 million + Licenses: 600,000+ Energy Government Licenses: 500,000+ Licenses: 700,000+
  10. 10. Oracle ESSO Value Proposition Complex Reduced Growing HelpdeskCompliance Employee Security NightmareEnvironment Productivity Risks Assure 80% Call Quicker Simplified GRC Volume Application Secure Policies Reduction Access AccessAvoid Fines, No Strong Auth Enforce Litigation, Downtime to Ensure Strong Loss of with Acct Identity Policies Revenue Lockouts
  11. 11. Oracle ESSO Suite Plus ESSO Logon Manager ESSO Anywhere Sign-On ESSO Kiosk Manager Sign-onESSO Provisioning ESSO Password ResetGateway ESSO Logon Manager ESSO Authentication Manager
  12. 12. ESSO Logon Manager Overview
  13. 13. ESSO Logon Manager (ESSO-LM) ESSO Admin Console Directory, Domain, Windows Database Password Audit, Web Sites Reporting Synch PKI API Mainframes (OS390, AS400) Credential & Profile Store Java Biometrics ESSO AM ESSO Logon Extranet & Manager Portal Token/ Smart card User Authentication User’s Desktop Application Sign-On
  14. 14. ESSO LM Provides Efficient Security • Enforces strong password policies Manage • Optionally can generate random passwords not known byPasswords users • Leverage corporate strong authentication deployment Integrate • Challenge for re-authentication prior to providing credentialsStrong Auth to the application • All logon events are audited and associated to an enterprise Ensure user nameCompliance • Track all password change events to comply with security
  15. 15. Sample Report
  16. 16. ESSO creates Strong Passwords Randomly Generated Password look like this:
  17. 17. Controlling User’s Access• More challenging then conventional applications – Hosted applications can be accessed from anywhere – Disabling network ID does not terminate application access• ESSO LM does not allow user’s to reveal passwords• This allows easy removal of access – Disable windows account – Remove SSO password through ESSO Provisioning Gateway
  18. 18. Access the cloud anytime, from anywhere Cloud Application
  19. 19. ESSO from Anywhere Cloud Applications Remote PC ESSO-LM Agent
  20. 20. How It Works 1. User logs on to portal with SSL VPN 2. ESSO-LM downloads, runs ESSO-LM 3. ESSO-LM authenticates to corporate directory ESSO-LM Corporate Directory 4. ESSO-LM retrieves credentials ESSO-LM 5. User launches application (e.g. SAAS CRM) automatically signed on by ESSO-LM 6. User signs off, credentials and ESSO-LM deleted
  21. 21. ESSO Provisioning GatewayProvisioning Oracle Identity Manager Applications & Custom Programs Data file and Manual Entry Sources Connectors Oracle Windows ESSO PG SPML Password Server Web Sites Mainframes PKI Directory, (OS390, AS400) Domain, Database Java Provisioning Credentials Biometrics Instructions Extranet & ESSO Logon Manger Portal Token/ Smart card User Auth User’s Desktop Application Sign-On
  22. 22. ESSO-KM Architecture eSSO Admin Console Define kiosk policies and settings AD, LDAP, SQL Retrieves policies and settings Windows Events Monitor App. Shutdown Web, Extranet, LDAP Logon Sign-off Portal - time out - keystroke xmit - card removal - closure request Java - tap out - process terminate Session Actions Mainframes initiate, suspend, screen saver, terminate (OS390, AS400)
  23. 23. ESSO Password Reset Architecture ESSO Reset Reset Server Windows Logon Audit, Reporting Domain Admin ESSO PR Console
  24. 24. ESSO-UAM General ArchitectureKey Innovations• Simplicity over security ESSO-LM• Natively designed for all methods Admin Console• Client-side architecture Active Directory• No proprietary database •Card serial #, PIN •User Windows id, password •Policies (e.g. PIN length) •Settings (e.g. force user enrollment) Card serial # ESSO-UAM User enrollment Actual authentication PIN reset Cache - disconnected use PIN
  25. 25. For More Information Identity management or
  26. 26. Summary• Simplify access to cloud applications through ESSO• Increase security by maintaining user’s password for them• Audit all access to the application for Regulatory Compliance• Enforce all policies from any computer with internet access