The document discusses key security considerations for cloud computing. It identifies top cloud security concerns such as access from mobile devices and identity management. It evaluates best practices for assessing a cloud provider's security and discusses how identity management can reduce risks and bridge security gaps. The presentation then provides an example of Oracle's identity and authentication cloud service and its features for multi-factor authentication and anti-fraud. It concludes with biographies of the cloud security executive panel speakers.

1. <Insert Picture Here>
Key Fraud and Security Considerations for
Confidence in the Cloud
January 17th 2012

2. Cloud Security Executive Speaker Panel
Cloud Sourcing and Benchmarking Advisor
Ben Trowbridge GAIL COURY Marc Boroditsky
CEO VP Risk Management VP I.D. Mgmt. Solutions
2 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
2

3. Cloud Security Can be a Challenge. But Why?
Can Our Data Be Safe and
Secure in the Cloud?
3 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
3

4. Top Cloud Security Concerns*
1. Data access from mobile devices
2. Access control and I.D. Mgmt.
Top 4:
Identity Mgmt.
3. On going compliance concerns Related
4. Co-mingling of customers’ data
Co. A Data
Co. B Data
Co. C Data
5. Security standards and certifications
*CSO Online Article Feb 20, 2011
4 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
4

5. Evaluating Your Cloud Provider’s Security
Best Practices Cloud Sourcing Methodology
??
Security
• Where does security fit within your
Cloud Sourcing Methodology overall cloud sourcing methodology?
Cloud
Provider
Security
• Best practices when evaluating a cloud
provider’s security
• Cloud security pitfalls to avoid
5 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
5

6. Identity Restores Control and Reduces Risk
HIGH
MED-
HIGH
Public Cloud
RISK
Private Hosted Cloud
MED-
LOW
87%
Security main barrier to
Private In House Cloud cloud adoption
Source: IDC Enterprise Panel, 3Q09
LOW
Enterprise
CONTROL
HIGH LOW
1990 1995 2000 2005 2008
6 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
6

7. Identity Bridges the Gap
Adaptive Access
Administration • Context / Risk Aware
• Role Mgmt • Anomaly detection
Access • Provisioning • Access certification
Scalable Repository • Single-sign on • Identity Analytics
• Identity Synch • Password policy • Certification
• Identity Virtualization • Authorization policy Risk Management
• Reporting Audit
Administration
AuthN and AuthZ
Identity
Tools Point Solutions Platform Intelligence
7 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
7

8. Case
Study
Oracle IDM & Authentication Cloud Service
PeopleSoft | Internet-Facing Employee Self-Service
Easy for Users | Hosted and Managed by Oracle Cloud Services
Multi-Factor Authentication
• What you have – your computing device
• What you know – password
• What you are – knowledge questions
Anti-Fraud Features
• Personalized image, phrase, timestamp
• Device fingerprint & Virtualized keyboard
• Adaptive rules (device, location, time…)
8 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
8

9. Case
Study
Oracle IDM & Authentication Cloud Service
Dashboard for:
• Logins
• Failed Logins
• KBA Challenges
• Blocked Logins
• Alerts
• Drilldown
• and much more
9 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
9

10. Cloud Security Executive Speaker Panel
Cloud Sourcing and
Benchmarking
Advisor
Ben Trowbridge, CEO
Gail Coury, VP Risk Mgmt.
Marc Boroditsky, VP ID Mgmt.
10 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
10