Iam suite introduction

Introduction To Oracle Identity And Access Management (IAM) Shujaat Ali Sr. Security Specialist, Public Sector Sales Consulting

Agenda State of enterprise security and the need for IAM Oracle solutions Industry validations and customer success stories The future of Oracle IAM Summary and best practice Q&A

Q: What’s posted on this monitor? a – password to financial application b – phone messages c – to-do’s

Q: What determines your employee’s access? a – give Alice whatever Wally has b – roles, attributes, and requests c – whatever her manager says

Q: Who is the most privileged user in your enterprise? a – security administrator b – CFO c – the 3-peat summer intern who is now working for your competitor

Q: How secure is your identity data? a – It is in 18 different secured stores b – We protect the admin passwords c – Privacy? We don’t hold credit card numbers

Q: How much are manual compliance controls costing your organization? a – nothing, no new headcount b – don’t ask c – don’t know

Today’s IT Challenges More Agile Business More accessibility for employees, customers and partners Higher level of B2B integrations Faster reaction to changing requirements More Secured Business Organized crime Identity theft Intellectual property theft Constant global threats More Compliant Business Increasing regulatory demands Increasing privacy concerns Business viability concerns

State Of Security In Enterprise Incomplete Multiple point solutions from many vendors Disparate technologies that don’t work together Complex Repeated point-to-point integrations Mostly manual operations ‘ Non-compliant’ Difficult to enforce consistent set of policies Difficult to measure compliance with those policies

Identity Management Values Trusted and reliable security Efficient regulatory compliance Lower administrative and development costs Enable online business networks Better end-user experience

Identity & Access Management Access Control Directory Services Identity Administration Authentication & Authorization Single Sign-On Federation Web Services Security Identity Lifecycle Administration Role & Membership Administration Provisioning & Reconciliation Compliance Automation Virtualization Synchronization Storage Service Levels Configuration Performance Automation Management Audit Data Attestation Segregation of Duties Controls Audit & Compliance

Oracle IAM Products Access Control Directory Services Identity Administration Oracle Access Manager Oracle Enterprise Single Sign-On Oracle Identity Federation Oracle Web Services Manager Oracle Identity Manager Oracle Virtual Directory Oracle Internet Directory (with Directory Integration Platform) Oracle Enterprise Manager for Identity Management Management Oracle Identity & Access Management Suite Audit & Compliance

Leader in Magic Quadrants User Provisioning, 1H 2006 Web Access Management, 2H 2006 Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Heterogeneous Support Applications Directories Application/Web Servers Operating Sys tems Groupware ACF-2 & TSS Portals RACF “ Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments.“ - Ray Wagner, Gartner, October 2006

Standards Support Contribute and lead SSTC (SAML Working Group) - Co-Chair Liberty Alliance - President, Board Member WSS, WS-SX (Web Services Security) - Author SPML - Author XACML – Voting member Implement Accelerate product development Simplify product integration & minimize TCO Innovate Enable Identity Services Framework: CARML, AAPML Standards for end-to-end security

Access Control Oracle Access Manager (Web) Authentication & Authorization Oracle eSSO Suite (Desktop/Legacy) Single Sign-On Federation Oracle Identity Federation Web Services Security Oracle Web Services Manager

Oracle Access Manager Benefits Centralized and consistent security across heterogeneous environments Reduced administration cost Improved end user experience Features Web single-sign-on Common policy management Multi-level, multi-factor authentication management Self-service and delegated administration Workflow engine Web Services interfaces Oracle Access Manager (Web)

Oracle Enterprise SSO Benefits Eliminates forgotten passwords for Windows desktop and applications Improves security & user experience Meet regulatory compliance Features Sign-on to any Windows, web, host, mainframe or Java application Use any combination of tokens, smart cards, biometrics and passwords Auto inactive session termination and application shutdown for shared workstation Reset Windows password directly from locked workstation Oracle eSSO Suite (Desktop/Legacy)

Oracle Identity Federation Benefits Secured integration with partners Reduced administration cost Improved end user experience Features Seamless SSO and identity sharing Multi-protocol gateway – SAML, Liberty, WS-Federation Service Provider or Identity Provider Flexible deployment configurations Standalone for use with pre-existing web-access management solution Protocol SDK for custom applications Oracle Identity Federation

Oracle Web Services Mgr. Benefits Quick and simple deployment Provide standard (J2EE) policy enforcement points Enable SLA definition and monitoring, quality of service reporting. Features Declarative policy (no coding) Rich library of pre-built policies Centralized policy management with local enforcement Supports WS-Security Integrated security for SOA Suite/Services infrastructure Oracle Web Services Manager

Identity Administration Lifecycle Administration Role & Membership Administration Provisioning & Reconciliation Compliance Automation Oracle Identity Manager

Oracle Identity Manager Benefits Reduced administration cost Cost effective regulatory compliance Improved security Improved service level Features Identity life-cycle management for the heterogeneous enterprise Approval and provisioning workflows Role based access control Complete integration solutions: OOTB connectors & Adapter Factory Deep integration to ERP and HRMS Audit and compliance reporting and process automation Oracle Identity Manager

Directory Services Virtualization Synchronization Storage Oracle Virtual Directory Oracle Directory Integration Platform Oracle Internet Directory

Oracle Virtual Directory Benefits Rapid application deployment Tighter controls on identity data Real-time identity information access Features Modern Java & Web Services technology Virtualization, proxy, join & routing capabilities Superior extensibility Scalable multi-site administration Direct data access Oracle Virtual Directory

Oracle Internet Directory With Directory Integration Platform Benefits Reduced operational cost with Oracle Grid support Seamless integration with Oracle applications and products Features Full feature LDAP server with a RDBMS data-store Industry leading scalability and HA capabilities Strong Oracle platform integration VSLDAP certified and EAL4 compliant Entity level directory synchronization support for all major directory products (DIP) Oracle Internet Directory

Identity Audit & Compliance Audit Data & Reporting Attestation Segregation Of Duties Controls Oracle Identity & Access Management Suite

Identity Audit & Compliance Benefits Cost effective compliance Enhance data integrity and auditability Real time and consistent enforcements Enable compliance to SOX, GLB, HIPAA, J-SOX, … Features Comprehensive historical and temporal audit data Comprehensive operational and historical reports Attestation of entitlements Segregation of duties via denial policies Comprehensive system and exception logging Integration with Audit Vault, ICM, and 3 rd party compliance products Oracle Identity Audit & Compliance

Management Service Levels Performance Configuration Automation Oracle Enterprise Manager For Identity Management

Oracle Enterprise Manager For Identity Management Benefits Actively manage IdM service levels Rigorous management of IdM technology stack Simplified deployment, patching, and upgrade Features Automated modeling of IAM components and infrastructure Define SLA, monitor and report Response time, throughput, usage metrics, … Server, application, and user level metrics Automated discovery of IAM components and infrastructure Discover & track configuration attributes / values Installing, Patching, Upgrading, Cloning Development  Test  Production Oracle Enterprise Manager

Identity Management Customers Some Sample References Oracle Confidential Manufacturing & Transportation Financial Services Government & Public Sector Retail & Services Healthcare Technology & Communications

‘ Day one’ access lead time reduced to < 5 mins Knowing Who Has Access to What = Priceless Eliminated ghost accounts via reconciliation of local administrative changes across 650 managed systems Reduced compliance effort across 50 SOX-critical applications by 12 man weeks Award winning deployment BUSINESS CHALLENGE Critical systems vulnerable to unmanaged & orphaned system accounts No detailed audit trails of each user’s access rights – current and historical Reduce the cost of user administration from $30.00 per access modification Comply with external regulations – Sarbanes Oxley & Gramm-Leach-Bliley Acts RESULTS ORACLE SOLUTION Lehman selected Oracle Identity Manager over IBM, Sun, and CA Very flexible (adaptable), open architecture simplified integration Integrated with 800+ business applications GUI-based business rule development Case Study – Lehman Brothers GLB & SOX Compliance

Oracle Access Manager solution saves Southwest $30/month per employee 40k users for a total of $1.2 million per month. Also reduced equipment idle time at $15,000 per hour. BUSINESS CHALLENGE Wanted to obtain engineering drawings, blueprints, color coding reports and other technical documents from the manufacturer via the Web Increase efficiency Reduce the business costs of transactions with the aircraft manufacturers RESULTS ORACLE SOLUTION Oracle Access Manager and Oracle Identity Federation Six week implementation 1st in airline industry to implement SAML Case Study – Southwest Airlines Seamless B2B Integration & Low TCO

User self service expected to lower cost and improve user adoption Improved security and efficiency by migrating manual self service tasks to an automated system BUSINESS CHALLENGE DTI wanted to provided 12000 state employees with self service HR capability. It also wanted to initiate eGovernment efforts to offer Delaware residents the ability to do common online tasks. Most of the self service tasks were manual and paper/fax based. RESULTS ORACLE SOLUTION Oracle Access Manager, Oracle Virtual Directory, and OID chosen over Sun and CA, May 2006 150K External Users, 12K Internal Users Oracle Solution works with IBM WebSphere mid-tier and PeopleSoft HR Oracle was able to demonstrate a web services based identity management solution Case Study – State of Delaware Convergence of HR and Identity Data

Looking Ahead Oracle will broaden security product portfolio Strategic priority for Oracle development Strong authentication, role management, compliance … From security silos to built-in security Built into databases, middleware, enterprise applications Identity Services Framework Project Fusion Single security model across Enterprise Applications Suite Enforced uniformly at all parts of technology infrastructure Across entire life-cycle from development to maintenance

Identity Services Framework Oracle IAM Suite with Identity Services Framework Identity Provider Provisioning Authentication Virtualization & User Store WS-*, SPML, SAML, XACML, CARML Audit Legacy Integration Interface Connectors, Agents Federation & Trust Policy & Orchestration Oracle Fusion Applications & Middleware 3 rd Party ISF Aware Applications Legacy Applications User Management Authentication Authorization Federation Business Functions Business Functions Business Functions Custom Developed ISF Aware Applications Business Functions Administration Authorization Role Provider Identity Services Enterprise Identity Management Infrastructure Service Interfaces

Key Oracle Differentiators Complete suite of best-of-breed products Complete & best integrated identity management suite Includes compliance, virtualization and system management Market leadership validated by press and analysts Proven for large scale deployments Large, complex, and award winning deployments Broad customer base and use cases Large referenceable customer base Best long-term investment Strong support of open standards and hot-pluggable strategy Pre-integrated with Oracle products – DB, middleware, apps Pre-integrated with over 50 applications and infrastructure Underpins Oracle’s next generation of Fusion Applications

Key To Successful IAM Projects Establish the strategic nature of I&AM Focus on processes and people , technology is only an enabler Obtain executive support and buy-in Develop overall business requirements and a starting point – directory, access management or provisioning Select software based on requirements of today and the future Follow a phased approach for integration of applications and different types of users Get developers on board early on for integration with consolidated authentication, authorization and identity services Put in place a comprehensive change management and communication plan

Iam suite introduction

More Related Content

What's hot

Viewers also liked

Similar to Iam suite introduction

More from wardell henley

Recently uploaded

Iam suite introduction

Editor's Notes