Enterprise Security Architecture: From Access to Audit


As presented by Kamal Tbeileh at OTN Architect Day, Redwood Shores, CA, 7/22/09.

Find an OTN Architect Day event near you: http://www.oracle.com/technology/architect/archday.html

Interact with Architect Day presenters and participants on Oracle Mix: https://mix.oracle.com/groups/15511

Published in: Technology, News & Politics

  1. Enterprise Security Architecture: From access to audit • Kamal Tbeileh • Database Security Architecture
  2. Agenda • Business Challenges • IT Challenges • Defense in-depth architecture • Q&A
  3. Changing Business Climate: Challenges Our Customers Face… "In a time of accelerating turbulence, the valuation of a company will be strongly affected by how it executes change."
  4. Today’s IT Challenges
     More Compliant Business • Increasing regulatory demands • Increasing privacy concerns • Business viability concerns
     More Agile Business • More access to employees, customers & partners • Higher level of B2B integrations • Faster reaction to changing requirements
     More Secured Business • Identity theft • Intellectual property theft • Insider threats
  5. Today’s “New Normal”: Users, Systems, Globalization and Compliance Forced Complexity
     Compliance • Service Level Compliance • Compliance & Ethics Programs • IT Governance • Records Retention • Anti-Money Laundering • Financial Reporting Compliance • Supply Chain Traceability • Audit Management • Legal Discovery • Data Privacy
     Users • Finance • Suppliers • R&D • Mfg • Sales • HR • Legal • Customers
     Systems • Enterprise Applications • Data Warehouse • Database • Mainframes • Mobile Devices • Apps Server
     Globalization
     Mandates • SOX • JSOX • EU Directives • FDA • Basel II • HIPAA • GLBA • Patriot Act • SB1386 • PCI…
  6. Security for Apps, Middleware, Data and Infrastructure: Comprehensive ‘Defense in Depth’ Approach
     Layers • Applications • Middleware • Database and Infrastructure
     Diagram labels • Automated Controls • Monitoring and Configuration • Enterprise Visibility • Access to Business Services • Lower Cost of User Lifecycle • Data Protection and Privacy • Unbreakable Linux
  7. Enterprise Security Reference Architecture
  8. Oracle Security Components
     Applications • E-Business Suite, PeopleSoft, Siebel, Hyperion, JDE • SAP, Custom, Legacy
     Identity and Access Management • Access Manager • Identity Manager • Identity Federation • Web Service Manager • Enterprise Manager • Directory Services
     Data Security • Database Vault • Audit Vault • Advanced Security Option • Label Security • Information Rights Management
  9. A Typical Environment… • Data Tier • Presentation Tier • Logic (Business) Tier
  10. Solution: Centralize and Simplify Access • SSO Enabled Applications
  11. Solution: Simplify Access to Multiple Datastores…
  12. Solution: Simplify Employee to Business Partner Login • SSO + Federation-Enabled Apps
  13. Oracle Database Security Components
      Enterprise Applications • Business Apps • Custom Apps • Helpdesk • Email • Portals
      • Protect Data from View and Alteration as well as Insider Threat using Database Vault
      • Protect Data in Motion with Network Encryption using Advanced Security Option
      • Consolidate Audit Data & Show Reports using Audit Vault
      • Protect User and Sensitive Data at Rest by Encrypting Database Columns using Advanced Security Option
      • Securely Backup Data To Tape with Secure Backup
      Database Vault illustration (* Example roles and privs) • Diagram labels: Database, Operational DBA, Business Application • Statements marked X: "Select SALARY from users;" and "Alter system. Alter table.."
      Sample data (LNAME, SSN, SALARY) • KING, 123-45-6789, $125,000 • SCOTT, 987-65-4321, $229,500 • SMITH, 345-67-8912, $53,700
      Sample data (LNAME, CREDIT_CARD, EXP_DATE) • KING, 1234-5678-9123, 04-2010 • SCOTT, 2345-6789-4321, 09-2012 • SMITH, 9876-5432-1987, 01-2011
  14. FMW Security as a Service
      Applications • Oracle Fusion Applications & Middleware • 3rd Party ISF Aware Applications • Custom Developed ISF Aware Applications • Legacy Applications
      Inside each application • Business Functions (Legacy Applications also carry their own Authentication, User Management, Authorization, Federation)
      Legacy Integration Interface • Connectors, Agents
      Oracle IAM Suite with Identity Services Framework
      Service Interfaces • WS-*, SPML, SAML, XACML, CARML
      Identity Services • Authentication • Provisioning • Identity Provider • Audit • Authorization • Administration • Role Provider • Federation & Trust
      Enterprise Identity Management Infrastructure • Policy & Orchestration • Virtualization & User Store
  15. Oracle Enterprise Security Summary
      Application Security
      Governance Risk Compliance • Policy & Process Management • Enterprise Control • Compliance Analysis & Reporting • Audit Automation
      Identity And Access Management • User Management • Directory Management • Access Management • Platform Security • Identity Audit
      Data Security • Multi-level Access Control • Encryption • Information Rights • DBA Security • Monitoring & Alert
      Operating System Security • Authentication Service • User Management
  16. For More Information: search.oracle.com (Security) or oracle.com