Platform Security - a holistic approach

Oracle Day 2011

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,227
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

  1. Security platform – a holistic approach. Marcin Kozak, Software Architect, Security. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  3. Multi-device, social media, always connected, permanent data collection, hybrid cloud, compliance, information theft, intellectual property, access anywhere, delegated access, cost efficient, one view, 360° customer view, big data, acquisitions, changing business process & IT consolidation, convergence.
  4. Future proof for expanding deployment options: on-premise, private cloud, public cloud, hybrid cloud.
  5. From protecting from the outside…
  6. …to promoting collaboration while ensuring information security & compliance…
  7. …in a rapidly changing IT landscape: packaged applications, mobile devices, external portals, internal portals, document/content management, cloud solutions.
  8. Growing and more specific, sophisticated attacks. Two thirds of sensitive and regulated information now resides in databases… and is doubling every two years (source: IDC, "Effective Data Leak Prevention Programs: Start by Protecting Data at the Source — Your Databases", August 2011). Examples: HR data, citizen data, credit cards, customer data, financial data, classified government information, trade secrets, competitive bids, corporate plans, source code, bug database.
  9. Database sprawl makes attacking easier! Copies of sensitive data end up with partners and in DW/analytics, reports, stand-by, test, dev and temporary-use databases.
  10. 2010 Data Breach Investigations Report – endpoint security, vulnerability management, network security, authorization security, DB security. Insider threats are real:
     • How do I control insiders?
     • Can I report on anomalous behavior?
     • Can I prevent intrusions?
     • Can I ensure proper controls around privileged access?
  11. IT Security vs Info Risk Management: small change, big difference!
     IT security (technology issues):
     • Defensive / reactive
     • Manual
     • Threat driven policy development
     • Secure infrastructure
     • Information protection
     • Policy management
     • Regulations forced upon organizations
     Operationalizing & outsourcing
     Information risk management (business issues; CISO, CSO, risk management domain):
     • Proactive
     • Automated
     • Rules based policy development
     • Secure data
     • Information assurance
     • Policy enforcement
     • Embrace risk & see security as a business enabler
  16. Aberdeen Research Brief June 2011
  17. A security platform is better (Aberdeen Research Brief June 2011). Agility: integration / adaptation speed improved by 64%-73%. Efficiency: unauthorized access -14%, audit issues -35%. Costs: the platform approach reduces cost by 48%.
  19. Platform Security Services – identity services for developers
     Identity Governance:
     • Password management
     • Self-service request & approval
     • Role-based user provisioning
     • Analytics, policy monitoring
     • Risk-based access certification
     Access Management:
     • Single sign-on & federation
     • Web services security
     • Authentication & fraud prevention
     • Authorization & entitlements
     • Access from mobile devices
     Directory Services:
     • LDAP storage
     • Virtualized identity access
     • LDAP synchronization
     • Next generation (Java) directory
     Services: roles & entitlements, authorization, auditing, authentication, user provisioning, policy store, session data management, directory services, other.
  20. Platform Security: User Provisioning Service (create, update, delete)
     • User provisioning automation – supports adds, moves and changes; virtualizes user identity; reconciles orphaned accounts
     • Workflow driven – flexible and changeable processes; supports approval processes
     • Policy driven – provides account policies and password policies; supports role-based entitlement management
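What "adds, moves and changes" plus orphan reconciliation looks like in practice is a diff between an authoritative source (HR) and the accounts a target application actually holds, with entitlements derived from a department policy rather than assigned by hand. The following is an added example written for this page; it is not code from the deck or from any Oracle product, and the HR records, application accounts, entitlement names and the `reconcile` function are all constructed for illustration.

```python
"""Reconcile an authoritative identity source against a target application's
account list and emit provisioning actions (create / update / disable / orphan).
Added example; not Oracle Identity Manager code. All records are constructed."""

# Constructed authoritative source (e.g. an HR feed), keyed by employee id.
HR_SOURCE = {
    "e100": {"login": "asmith",  "dept": "finance", "status": "active"},
    "e101": {"login": "bjones",  "dept": "sales",   "status": "active"},      # joiner: not yet in the app
    "e102": {"login": "cnguyen", "dept": "it",      "status": "terminated"},  # leaver: still enabled in the app
    "e103": {"login": "dlee",    "dept": "finance", "status": "active"},      # mover: app still says sales
}

# Constructed target application accounts, keyed by the same employee id.
APP_ACCOUNTS = {
    "e100": {"login": "asmith",     "dept": "finance", "enabled": True, "entitlements": {"erp_reader", "erp_ap"}},
    "e102": {"login": "cnguyen",    "dept": "it",      "enabled": True, "entitlements": {"erp_reader"}},
    "e103": {"login": "dlee",       "dept": "sales",   "enabled": True, "entitlements": {"erp_reader", "crm_sales"}},
    "e999": {"login": "svc_legacy", "dept": "it",      "enabled": True, "entitlements": {"erp_admin"}},  # no owner in HR
}

# Constructed role-based entitlement policy: department -> entitlements a member should hold.
DEPT_ENTITLEMENTS = {
    "finance": {"erp_reader", "erp_ap"},
    "sales":   {"erp_reader", "crm_sales"},
    "it":      {"erp_reader"},
}


def reconcile(source, target, policy):
    """Return a deterministic list of (action, employee_id, details) tuples.

    create  - active in source, missing in target (joiner)
    update  - attribute or entitlement drift between source/policy and target (mover/change)
    disable - not active in source but still enabled in target (leaver)
    orphan  - account in target with no owner in source; flagged, never auto-deleted
    """
    actions = []
    for emp, rec in sorted(source.items()):
        acct = target.get(emp)
        if rec["status"] != "active":
            if acct is not None and acct["enabled"]:
                actions.append(("disable", emp, {"enabled": False, "revoke": sorted(acct["entitlements"])}))
            continue
        wanted = policy.get(rec["dept"], set())
        if acct is None:
            actions.append(("create", emp, {"login": rec["login"], "dept": rec["dept"], "grant": sorted(wanted)}))
            continue
        delta = {}
        for key in ("login", "dept"):
            if acct[key] != rec[key]:
                delta[key] = rec[key]
        if not acct["enabled"]:
            delta["enabled"] = True  # rehire / reactivation
        grant = sorted(wanted - acct["entitlements"])
        revoke = sorted(acct["entitlements"] - wanted)
        if grant:
            delta["grant"] = grant
        if revoke:
            delta["revoke"] = revoke
        if delta:
            actions.append(("update", emp, delta))
    # Orphans: accounts nobody in the authoritative source owns. They are
    # reported for an approver to decide on, since deleting a service account blindly
    # is how reconciliation jobs cause outages.
    for emp in sorted(target.keys() - source.keys()):
        actions.append(("orphan", emp, {"login": target[emp]["login"],
                                        "entitlements": sorted(target[emp]["entitlements"])}))
    return actions


if __name__ == "__main__":
    for action in reconcile(HR_SOURCE, APP_ACCOUNTS, DEPT_ENTITLEMENTS):
        print(action)
```

Run against the constructed data the job produces one action per joiner, leaver, mover and orphan; the mover (`e103`) gets both a department update and an entitlement grant/revoke pair, which is the "change" case that manual provisioning most often misses.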
  21. Platform Security: Sign-On and Authentication (sign-on, password management, policy)
     • Standards based authentication – simplifies integration; provides federated sign-on
     • Self-service password management – reset forgotten passwords; change passwords; enforce strong password policy
     • Multi-factor authentication – increase trust; comply with regulatory mandates
  22. Platform Security: Declarative Security, External Authorization (policy enforcement, SoD, roles)
     • Standards based – XACML; NIST; ABAC and RBAC
     • Separation of duties – preventative and detective; function and data security
     • ADF integration – reduced development cost; reduced complexity
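The point of externalized authorization is that the application asks a policy decision point "may this subject do this action on this resource?" and never encodes the answer itself. The added example below, written for this page rather than taken from the deck or from any Oracle library, shows the three ideas on slide 22 together: RBAC grants permissions through roles, ABAC rules constrain them with subject and resource attributes, and separation of duties is enforced both preventatively (a toxic role combination cannot be assigned) and detectively (a self-approval is denied at decision time). Role names, permissions, the toxic pair, the approval limit and the `decide`/`assign_role` functions are all assumptions made for the example.

```python
"""Minimal policy decision point combining RBAC, ABAC and separation of duties.
Added example; not Oracle OPSS/ADF code. Every name and value below is constructed."""
from dataclasses import dataclass

# RBAC: role -> permissions, written as "resource:action".
ROLE_PERMISSIONS = {
    "ap_clerk":    {"invoice:create", "invoice:read"},
    "ap_approver": {"invoice:approve", "invoice:read"},
    "auditor":     {"invoice:read", "audit_log:read"},
}

# Preventative SoD: no subject may hold every role of a toxic pair.
TOXIC_ROLE_PAIRS = {frozenset({"ap_clerk", "ap_approver"})}

# ABAC attribute used at decision time: maximum amount a role may approve.
APPROVAL_LIMIT = {"ap_approver": 10_000.0}


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset
    department: str


@dataclass(frozen=True)
class Resource:
    kind: str
    owner_department: str
    created_by: str
    amount: float = 0.0


def sod_violations(roles):
    """Toxic pairs fully contained in the given role set."""
    return {pair for pair in TOXIC_ROLE_PAIRS if pair <= set(roles)}


def assign_role(subject, role):
    """Preventative control: refuse a role assignment that would create a toxic combination."""
    new_roles = frozenset(subject.roles | {role})
    if sod_violations(new_roles):
        raise PermissionError(f"SoD violation: {subject.user} cannot hold {role} together with {sorted(subject.roles)}")
    return Subject(subject.user, new_roles, subject.department)


def decide(subject, action, resource):
    """Return ("Permit" | "Deny", reason). RBAC grants; ABAC rules narrow the grant."""
    perm = f"{resource.kind}:{action}"
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in subject.roles))
    if perm not in granted:
        return "Deny", f"no role grants {perm}"
    # ABAC data-security rule: stay inside your own department unless you are an auditor.
    if "auditor" not in subject.roles and subject.department != resource.owner_department:
        return "Deny", "cross-department access"
    if action == "approve":
        # Detective SoD backstop: even a legitimately held approver role cannot approve its own work.
        if resource.created_by == subject.user:
            return "Deny", "self-approval"
        limit = max(APPROVAL_LIMIT.get(r, 0.0) for r in subject.roles)
        if resource.amount > limit:
            return "Deny", f"amount {resource.amount} exceeds approval limit {limit}"
    return "Permit", "rbac+abac"


if __name__ == "__main__":
    alice = Subject("alice", frozenset({"ap_clerk"}), "finance")
    bob = Subject("bob", frozenset({"ap_approver"}), "finance")
    invoice = Resource("invoice", "finance", created_by="alice", amount=2500.0)
    print(decide(alice, "create", invoice))
    print(decide(bob, "approve", invoice))
    try:
        assign_role(alice, "ap_approver")
    except PermissionError as err:
        print(err)
```

The function-level check (does a role grant `invoice:approve`?) and the data-level check (is the invoice in my department, did I create it, is it under my limit?) are the "function and data security" distinction from the slide; keeping both in one decision point is what lets the application code stay declarative.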
  23. Platform Security: Identity Provider Service (virtualized identity, privacy data)
     • Secures user information – protects private user data; provides attribute-level security
     • Externalizes identity – a single user view; common user accounts across apps
     • Simplifies audit compliance – single point for access termination; single point for access control audit
  24. Mobile Access & Enterprise Applications
     • Enterprises want to enable secure, convenient, efficient access to enterprise applications, data, and collaboration/communication tools
     • Support a workforce-anywhere model, using any device
     • Mobile applications are built in one of the following ways: a native web browser on the mobile device; native mobile device clients acting as a web browser; native mobile device clients connecting to gateways or applications
  25. Mobile & Social Identity Access Challenges – diagram: the developer facing auth servers, directory servers, DB servers and IAM servers.
  27. Data – Database Security Defense-in-Depth
     • Prevent access by non-database users to data at rest, in motion, and in storage
     • Increase database user identity assurance
     • Strict access control to application data, even from privileged users
     • Enforce multi-factor authorization
     • Audit database activity and create reports
     • Monitor database traffic and prevent threats from reaching the database
     • Ensure the database production environment is secure and prevent drift
     • Mask sensitive data in non-production environments
  28. Oracle Maximum Security Architecture (2011 Oracle Corporation – Proprietary and Confidential)
     • Oracle Audit Vault
     • Oracle Database Firewall – between applications and the database
     • Oracle Database Vault – multi-factor authorization, DB consolidation security, unauthorized DBA activity
     • Oracle Advanced Security – encrypted database, encrypted traffic
     • Oracle Data Masking – mask for test and dev
     • Enterprise Manager Grid Control – secure configuration scanning, patch management
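"Monitor database traffic and prevent threats from reaching the database" (slide 27) is what the Database Firewall box on slide 28 stands for, and the technique underneath it is statement allowlisting: learn the shapes of the SQL an application legitimately sends, then block anything whose shape is new. The added example below is written for this page as a simplified model of that idea; it is not Oracle Database Firewall's implementation, and the normalization rules, the `StatementFirewall` class and every SQL statement are constructed for illustration.

```python
"""Statement-shape allowlisting, the idea behind SQL-traffic firewalls, simplified.
Added example; not Oracle Database Firewall code. All SQL below is constructed."""
import re

# Literals collapse to "?" so every instance of one application statement has
# the same fingerprint, while an injected clause changes the shape and stands out.
_STRING  = re.compile(r"'(?:[^']|'')*'")          # 'text', with '' as an escaped quote
_NUMBER  = re.compile(r"\b\d+(?:\.\d+)?\b")        # bare numeric literals, not digits inside identifiers
_COMMENT = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)  # line and block comments
_WS      = re.compile(r"\s+")


def fingerprint(sql: str) -> str:
    """Normalize a statement to its shape: literals -> ?, comments removed, whitespace and case folded."""
    s = _STRING.sub("?", sql)      # strings first, so quote characters inside strings cannot hide a comment marker
    s = _COMMENT.sub(" ", s)
    s = _NUMBER.sub("?", s)
    return _WS.sub(" ", s).strip().lower()


class StatementFirewall:
    """Allowlist learned from known-good application traffic, plus a blocklist of
    statement classes an application account should never issue."""

    def __init__(self, learned_statements, blocked_keywords=("drop", "alter", "grant", "truncate")):
        self.allow = {fingerprint(s) for s in learned_statements}
        self.blocked = set(blocked_keywords)

    def check(self, sql: str):
        """Return (verdict, reason, fingerprint); verdict is "pass" or "block"."""
        fp = fingerprint(sql)
        first_word = fp.split(" ", 1)[0]
        if first_word in self.blocked:
            return "block", "ddl/dcl not permitted from the application account", fp
        if fp in self.allow:
            return "pass", "matches a learned statement", fp
        return "block", "unknown statement shape", fp


# Constructed training traffic captured from the application during a learning phase.
LEARNED = [
    "SELECT id, name FROM customers WHERE id = 42",
    "SELECT id, name FROM customers WHERE name = 'smith'",
    "UPDATE customers SET email = 'a@example.com' WHERE id = 7",
]

if __name__ == "__main__":
    fw = StatementFirewall(LEARNED)
    for stmt in (
        "SELECT id, name FROM customers WHERE id = 1001",
        "SELECT id, name FROM customers WHERE name = 'O''Brien'",
        "SELECT id, name FROM customers WHERE id = 1 OR 1=1",
        "SELECT id, name FROM customers WHERE name = '' OR '1'='1' --",
        "SELECT id, name FROM customers WHERE id = 1 UNION SELECT login, pw FROM users",
        "DROP TABLE customers",
    ):
        print(fw.check(stmt))
```

Two things worth noticing when running it: the legitimate `O''Brien` lookup passes because the escaped quote is handled inside the literal, and the tautology and `UNION` injections are blocked purely on shape, without any signature for the attack. The weakness of the approach is equally visible: the allowlist is only as good as the learning-phase coverage, so a rarely used but legitimate query that was not observed during learning will be blocked until someone approves its fingerprint.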
  29. Based on open standards, manageability & scalability.
  30. Q&A
