Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Securing The Extended Enterprise: Universal Access Management
Satish Kumar
Delivery Centric
Email: satish.kumar@deliverycentric.com
This document is for informational purposes. It is not a commitment to
deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. The development, release, and timing of any
features or functionality described in this document remains at the sole
discretion of Oracle. This document in any form, software or printed matter,
contains proprietary information that is the exclusive property of
Oracle. This document and information contained herein may not be
disclosed, copied, reproduced or distributed to anyone outside Oracle
without prior written consent of Oracle. This document is not part of your
license agreement nor can it be incorporated into any contractual agreement
with Oracle or its subsidiaries or affiliates.
Agenda
• Oracle Access Management
• Solution Overview
• Vision and Roadmap
The New Digital Economy Is Shaping the World
• Organizational interactions with users are primarily via web/mobile
• Authentication considered an obstacle and security an absolute expectation
• Mobile use rapidly eclipsing PC use as dominant form factor for access
• Consumerization of IT creating parallel expectations for consumers and employees
• Rapidly emerging cloud, mobile and cloud opportunities attractive to private and public sector organizations
Challenges of the New Digital Economy
• Application Proliferation Straining IT Organizations And Causing Fragmented Identities Across Systems
• Inconsistent User Experiences Across Apps And Channels
• User And Application Data Subject To Persistent And Clever Breach Attacks
• Accommodating The Ever Increasing Internet Scale Is Challenging Antiquated Systems
Managing User Access
Requirements for the New Digital Economy
Unified Access Management
Optimized User Access From Any Device
Context Aware Security Across All Channels
Scalable Access & Authorizations Model
Integrated Strong Authentication
Centralized Policy And User Management
Toyota
Securing Vehicle Telematics And Connecting Owners To Their Cars
• Needed a robust scalable Access Management solution to secure vehicle integration with mobile technologies for safety, diagnostics and advanced infotainment services
• Deployed 11gR2 versions of OAM, OMSS, OAG and OUD to replace CA Siteminder
• Chose Oracle based on its robust, scalable infrastructure, converged simplified platform and market leading capabilities such as Mobile and Social
• Supports daily volume of 200,000+ transactions with a service response time of < 1 sec and 99.9% Service Availability
Turkcell
Secure Multi-channel Access for Wireless Users of Applications
• Needed to determine the numbers of customers authenticating to the applications on the network and from what type of devices
• Needed to deliver strong security to applications such as online banking and online shopping to protect customer data
• Installed Oracle Access Management Suite Plus 11gR2 to Unify Access Experience
• Migrated all applications that needed authentication to utilize OAM including 9 custom applications which provided real time customer experience data
• Deployment cost for new applications has been reduced by 75%
Access Management 11gR2 Adoption
[Chart: OAM 11g R2 Active Customers, 3/31/2013 to 1/25/2014; vertical axis 0 to 1000]
Oracle Access Management
Unified Approach to Complete Authentication, Authorization and Audit
[Diagram labels: Enterprise Apps; Cloud Apps; Mobile Apps; Desktop Apps; Oracle Apps; Authentication; Authorization; Mobile and API; Federation; Common Policy Model; Scalable; High Availability and DR; Authentication Plugin Framework; Intelligent Risk Based Authentication; Integrated Strong Authentication; Real Time External Security Policies; RESTful Interfaces; API Management; Standards Based Platform; Social; Standards Based Approach]
Unified Access Management
Key Solution Requirements
• Seamless, Multi-Channel Access
• Secure, Universal Access
• Scalable for today’s Internet Needs
• Standards Based Modular Architecture
• Integrated Risk, Fraud & Strong Authentication
• Increase Agility with External Security Policies
• Simple, Centralized System Management
Seamless Multi-Channel Access
• Optimized User Experience Delivers Consistent Access Across All Channels
• Extend Common Policies To Cloud, Mobile And Enterprise Apps
• Reduce Risk With Intelligent, Context-Aware Policies
• Streamline Operations Via Converged Access Management Services For All Channels And Platforms
Common User Experience And Access Controls Across Platforms
Secure Universal Access
• Provide Seamless User Access To Any Application From A Cloud Access Portal
• Prevent Unauthorized Access With Strong Authentication And Fine-grained Authorization
• Optimize The Mobile User Experience With Single Sign On For Web And Native Apps
• Enable Secure Access To Legacy Applications Via API Gateway
• Extend Identities To Cloud Services Via SAML, OAuth, XACML or REST Standards
Access Any App from Any Device, Anywhere
Scalability for today’s internet needs
Support future business growth
• Performance Tested Highly Scalable Architecture
• Multi Data Center Support
– Active-Active
– Active-Passive
– Active-Hot Stand By
• Automated Policy replication across Data Centers
[Figure labels: Authentication; Authorization; 250M Users; 3K TPS – 1 server; 5K TPS – 2 servers]
Integrated Risk, Fraud & Strong Authentication
• Leverage contextual information to challenge for proper authentication type
• Native Mobile OTP for step up authentication
• Real-time risk analysis and fraud prevention
• Data Redaction through dynamic authorization based on risk
• One platform consistent policy and adaptive to context, content and risk
Context-aware, Content-aware and Risk-aware
[Figure labels: RISK (LOW, MED, HIGH); RESPONSE (ALLOW, DENY)]
Standards-Based, Modular Architecture
Your Requirements, Your Path, Your Schedule
• Modular Architecture Designed To Fit Your Evolving Access Requirements
• Standards-Based To Integrate Fully With Other Legacy Solutions
• Paths to Value for Access Management
– Extend Single Sign On to Mobile Apps
– Deliver Strong Authentication
– Mobile Enable Legacy Enterprise Apps
– Externalize Application Security Models
– Offer Federation for Cloud Apps
Increase Agility with External Security Policies
• Accelerate Application Time To Market By Externalizing Authorization Logic
• Ensure Consistent Policies Across Enterprise, Cloud and Mobile Apps
• Provide Scalable Fine Grained Authorization to Content Management Portals, like SharePoint and WebCenter
• Require No Application Modification
Consistent Authorization Management
[Diagram labels: HTTP / REST / SOAP / OAuth Clients; API Gateway; OES Policy Engine; Back End Systems]
Oracle Application Integration
• Pre-integrated, certified access management for Oracle Apps
• Reduces integration complexity and reduces maintenance costs
• Quickly deliver valuable business applications to the market with complete integrated security
Out of the box Integrations with Oracle Applications
Simplified Management
• Reduced TCO via Unified Solution
– Unified User & Admin Interface
– Share Server
– Single Data Repository
• Shorten Deployment cycle through an automated installer and accelerate time to value
• Automated patching reduces on-going maintenance cost
• Enterprise Manager monitors system health increasing Up Time to guarantee SLAs
Access Management Roadmap
2H CY 2014
• Enable Mobile and Cloud
– Convergence of Bitzer Mobile into Access
– IDaaS Cloud SSO
– OAM as a service
– Office365 certification
• Simplify Management
– Complete native password management capabilities
– More native OTP capabilities
– Advanced end-to-end platform diagnostics
CY 2015
• Enable Mobile and Cloud
– OpenID Connect support
– IDaaS strong authentication as a service
– API Management
– Mobile eSSO
• Intelligent Access
– Native risk analysis
– Enhanced adaptive authentication
• Simplify Management
– Convergence of OAAM
– Convergence of OES
– Automatic discovery / registration of Oracle Products
– Server side patch management
Enable Mobile and Cloud
• Mobile Convergence
– Unified container and mobile SDK
– Extend OAM capabilities to containerized mobile apps including native app and browser SSO, authorization, risk based step up authentication and OAuth support
– Unified Administration for Mobile Security
• Cloud services
– Access Portal in the cloud for users to SSO to all their cloud and on-prem apps
– Enable OAM as a service through REST based cloud agent
– Multi-tenancy
• API Security
– OOB enabling federation and OAuth with Salesforce, Google, Amazon AWS, SQS
– Additional protocol support of WebSockets for real-time chat, gaming, etc.
– More messaging control capabilities with embedded Apache ActiveMQ
• Office365 certification
Access Management 11gR2 PS3
Simplify Management
• More strong authentication options for Adaptive Authentication
• Native OAM change password and forget password services
• Simplified webgate management with profile bulk update
• Improved diagnostics for troubleshooting
– Capture & Publish additional metrics
– Improve WebGate level logging
– OES Runtime Monitoring & Statistics
Access Management 11gR2 PS3 (11.1.2.3.0)