Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ING webcast platform


Published on

ING discusses Oracle identity management implementation and deployment synergies with a platform approach

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

ING webcast platform

  1. 1. <Insert Picture Here>ING: Scaling Role Management and AccessCertification to Thousands of ApplicationsMark Robison, Enterprise Architect, INGNeil Gandhi, Principal Product Manager, Oracle
  2. 2. This document is for informational purposes. It is not a commitmentto deliver any material, code, or functionality, and should not be reliedupon in making purchasing decisions. The development, release,and timing of any features or functionality described in this documentremains at the sole discretion of Oracle. This document in any form,software or printed matter, contains proprietary information that is theexclusive property of Oracle. This document and informationcontained herein may not be disclosed, copied, reproduced ordistributed to anyone outside Oracle without prior written consent ofOracle. This document is not part of your license agreement nor canit be incorporated into any contractual agreement with Oracle or itssubsidiaries or affiliates.
  3. 3. Speakers Mark Robison Neil Gandhi Enterprise Architect Principal Product Manager
  4. 4. Agenda • Business Drivers • Implementation • The Platform Approach • Results & Lessons Learnt • Use Cases & Deployment Synergies • Q&A
  5. 5. ING Environment at a Glance• Fortune Global 500 Oracle Access• Over 29 M customers Manager• Over 16K US employees*• 600 attested resources• Centralized Security• Full Auditability *Includes managed contractors
  6. 6. State of Business Prior to ImplementationExisting System – home grown and spreadsheet basedProjectOracle -Access scope Role Based ManagerThe problem of scale - 520 critical appsDisparate systems – No single audit sourceKey stakeholders – LoB, Security (CSO), IT
  7. 7. Business Drivers for INGRegulatory Compliance • Scaling compliance across applications & users Oracle AccessOperationalManager Efficiency • Reduce redundant effort, administrative overheadPersonalized User Experience • Improve user productivity, SLARisk Mitigation • Close security gaps with instant and accurate user account/lifecycle management
  8. 8. ING IAM ImplementationCurrent Scope • Internal users Oracle Access • User Population: 16K Manager • Initial focus on 520 SOX-critical applicationsImmediate Goals • Replace home grown system for scale, efficiency • Single Platform to handle access managementKey Features • Roles based • Automatic user access attestation on transfer • Integration with Oracle Identity Manager (OIM) for full lifecycle management
  9. 9. Phase-In Approach at ING Perimeter Security Revokes (OIM) - 2009 • Automate the revoke of key perimeter security access for all employees that are terminated • PeopleSoft HR is triggering system • Network access (Active Directory) • Email (Exchange) • RACF (Mainframe) • Benefits • Real Time account disable on termination event Password Management (Oracle ESSO)- 2007 • Provide mechanism for end user to have a single login for multiple applications • Provide for self service password resets – 12/2010 • Benefits • User does not have to memorize multiple credentials • Reduced calls to help desk for password resets (40% reduction)Retirement - Insurance - Investments 9
  10. 10. Phase-In Approach at ING Access Attestation (OIA) – 11/1/2010 • Replaced custom developed attestation program with OIA product • Provides quarterly manager based review for employee’s application access • Currently supports over 600 application feeds (520 SOX critical) • Integrated with PeopleSoft HR, Service-Now (Help Tickets and Configuration Management Database) • Provides immediate manager review process for employee’s application access on employee transfer event • Benefits • Easier attestation experience for managers • Audit compliance Base Role Access (OIM) – 12/15/2010 • Automate Base Role Access on New Hire event from HR • Active Directory, Exchange, Ariba (Procurement), Service-Now (Help Desk, CMDB), Clarity (Time Tracking), PeopleSoft HR (Benefits, Pay), ESSO, etc. • Benefits • Standardization of user setup • Reduced new hire provisioning time (From 7 days to instant)Retirement - Insurance - Investments 10
  11. 11. Phase-In Approach at ING Simple AD Application Access (OIM) – 3/1/2011 • Automate simple AD security based applications and integrate with Service-Now for manager requested provisioning • Benefits • Consistent, timely provisioning • Reduction of Security Fulfillment Staff (10 consultants) Implementation of ING Contact Centers (OIA and OIM) - 2011 • Develop Role Matrix for all contact center staff • Identify and integrate all applications into new provisioning process • Where cost effective & technically viable, applications are automatically provisioned using OIM • All other applications will be manually provisioned (from OIM) by integrating OIM to the Service- Now Help Desk ticketing system Implementation of all ING Business Units (OIA and OIM) – 2012 + • Develop Role Matrix for all other organizations • Identify and integrate all applications into new provisioning processRetirement - Insurance - Investments 11
  12. 12. Methods of Attestation – Initial Method with OIA• Resource Based Attestation Employees • Manager must attest to all employees Applications access in all applications • Results in many attestation reports per Application A manager • Manager does not “know” if level of Manager access is appropriate Platform B • Encourages “rubber stamping” Application C System D
  13. 13. Methods of Attestation – Future Plan with OIA Employees Business Roles• Role Based Attestation • A Business Roles defines what IT Role A Manager roles a user should have to perform only their specific job function Role B • IT Roles determine the level of access required within Role C application/platform • Manager attests that employees are Business Role Owners in correct Business Role • Business Role Owner attests that the IT roles makeup the correct access needed to perform job Role A Role B Role C function Application A Application A • IT Role Owner attests that correct application entitlements are set in IT Platform B Application C Application C role System D System D System D
  14. 14. The Bigger Picture Oracle Identity Analytics (OIA), Oracle Identity Manager (OIM), and Oracle Enterprise Single Sign-On (OESSO) provide a comprehensive and integrated suite of products that allow ING to effectively manage identity and access management. The applications are game changers that have greatly enhanced ING’s Operational Efficiency.
  15. 15. Down The Road: Future Plans & DriversIncrease Automated Provisioning• Custom Connectors to ApplicationsExtend Scope to External Identities – Customers• Provisioning/AttestationsExpand Identity Warehouse• Support Additional Feeds
  16. 16. OIM and OIA Synergies at INGOIA – The BRAINS• Allows Modeling of roles• Supports user attestation• Supports Segregation of Duty checksOIM – The MUSCLE• Provisioning and Deprovisioning engine• Access Reconciliation• Identity Data Warehouse
  17. 17. ING Business Value • The time to get new employees access to all required applications is reduced. (<24 hours) • The process of user access review is simplified. (Role Based) • Closed Loop Remediation on attestation is accomplished using OIA and OIM. • IT / Application roles are clearly defined, including the specific IT entitlements so error rates and re-work efforts are significantly reduced. • Where feasible, applications are automatically provisioned, based on pre- approved business & application roles to reduce fulfillment time and errors. • Reporting and fulfillment validation capabilities provide more complete audit options while reducing the associated costs. • Separation of Duties conflicts are easier to manage. • Can manage the lifecycle of an identity from new hire, transfer, to termination.Retirement - Insurance - Investments 17
  18. 18. Implementation Lessons Learned  IAM (Identity and Access Management) implementation projects cross organizational boundaries and require strong sponsorship to set direction and priorities Executive Sponsorship  Governance function with engaged stakeholders from management, business, Information Technology is challenging to establish, but vital for the long-term  Achieve clarity on the business challenges being addressed by the IAM solution Business Focus  Identify business drivers – Compliance, Risk Management, Cost Control, Business Facilitation – based upon enterprise needs and determine priority with stakeholders  Obtaining organizational buy-in for moving from application-specific to enterprise identity and access management is an exercise in diplomacy Change Leadership  Provisioning project spans the whole organization - 75% Process + 25% Technology  Curb your enthusiasm – don’t over-scope your Phase 1 implementation  Initial IAM projects should deliver "quick wins" to build business support for continuing the IAM program Value Delivery  The “big-bang” implementation approach is unlikely to build stakeholder trust and involvement required for continuing along the IAM maturity curveRetirement - Insurance - Investments 18
  19. 19. Implementation Lessons Learned  In order to reduce the risk and avoid testing in production, non-production target environments are Non Production Target required to test connectors (AD, Exchange, RACF) Environments  It is critical for non-production target environments to have the same data and schema as the production target environments  Account ID format conventions in use could present challenges or constraints on uniqueness, consistency, and ease to remember Standard User ID  Opportune time to standardize the login ID  May require multiple standards based on platform limitations, a handful of standard patterns are better than free form  Determine point of diminishing returns for automated and manual processes  Pilot the implementation to prove the solution Technology Integration  Implement the solution by delivering in phases (top value first)  Test performance and functionality  IAM projects have unique characteristics, so domain experience is vital IAM Experience  IAM projects are complex, demand effective managers who can not only track schedule and budget, but effectively communicate with a diverse set of stakeholders and make sure everyone is pulling in the same directionRetirement - Insurance - Investments 19
  20. 20. Scale and Simplicity • A Few Administrators • Handful of Help Desk Staff
  21. 21. Oracle Identity Manager – Oracle Identity AnalyticsUse Cases • Key front-office features automation: • Access Request & Access Certification • Cross product knowledge of common identity data and policies • Role-based User Administration • Preventative Separation of Duties (SoD) Enforcement • User Risk Aggregation and Auditing • Analytics and Reporting
  22. 22. Oracle Identity Manager – Oracle Identity AnalyticsUnique Value Proposition • Access Request and Access Certification Automation User On- boarding SOD Checking • Risk Aggregation throughout User Lifecycle User Access Change • Scales & expedites User Off- Aggregate certification process board Risk Score • Builds in accuracy • Closed-Loop Remediation • Streamlined User, Role Management
  23. 23. Platform Reduces Cost vs. Point Solutions Oracle IAM Suite Benefits Advantage48% Cost Savings Increased End- User Productivity Reduced Risk • Emergency Access • End-user Self Service • 11% faster • 30% faster • Suspend/revoke/de- • 46% faster46% More Responsive Enhanced Agility provision end user access • Integrate a new app faster with the IAM infrastructure • 64% faster • Integrate a new end user • 73% faster35% Fewer Audit Deficiencies Enhanced role faster into the solution • Reduces unauthorized • 14% fewer Security and access Compliance • 35% fewer • Reduces audit deficiencies Reduced Total • Reduces total cost of IAM • 48% lower Cost initiatives Source: Aberdeen “Analyzing point solutions vs. platform” 2011
  24. 24. Oracle Identity Management Platform Complete, Innovative and Inter-operable Identity Administration, Access Management Directory Services Governance• Password Management • Single Sign-On & Federation • LDAP Storage• Self-Service Request & Approval • Web Services Security • Virtualized Identity Access• Roles based User Provisioning • Authentication & Fraud • LDAP Synchronization Prevention• Analytics, Policy Monitoring • Next Generation (Java) Directory • Authorization & Entitlements• Risk-based Access Certification • Access from Mobile Devices Platform Security Services Identity Services for Developers
  25. 25. Why Oracle ?• Strategic Partner• Platform Synergies• Comprehensive, Best-in-Class• Proven Solutions, Team
  26. 26. Aberdeen Online Identity AssessmentBenchmark Your Identity & Access
  27. 27. Aberdeen Group Event SeriesFeaturing Analyst Derek Brink Chicago New York April 10th April 12th San Francisco May 22nd Toronto Boston April 17th April 19th
  28. 28. Live Platform Webcast SeriesCustomers Discussing Results of Platform Approach Platform Best Practices Cisco’s Platform Approach Agilent Technologies Cisco Systems February 15th 2012 March 14th 2012 (Replay available) Platform for Compliance Platform Business Enabler ING Bank Toyota Motors April 11th 2012 May 30th 2012 Register at:
  29. 29. Identity Management at COLLABORATE 12Deep Dive, User-Driven Sessions, and More• April 22 – 26, Las Vegas• Sunday, Apr 22, 9 am – 3 pm Security and Compliance for your Oracle Systems• Multiple Security, Identity Management sessions(Keyword search: Identity Management) Register at:
  30. 30.
  31. 31. Q&A Mark Robison Neil Gandhi Enterprise Architect Principal Product Manager