3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
4. More breaches than ever…
Data Breach Once exposed, the data is out there – the bell can’t be un-rung
[Chart: Publicly reported data breaches. Total personally identifying information records exposed (millions), 2005 to 2008. 630% increase.]
Average cost of a data breach $202 per record
Average total cost exceeds $6.6 million per breach
Source: DataLossDB, Ponemon Institute, 2009 - http://datalossdb.org
http://www.privacyrights.org/ar/ChronDataBreaches.htm
5. More threats than ever…
70% of attacks originate inside the firewall
90% of attacks are perpetrated by employees with privileged access
6. More regulations than ever…
• Federal, state, local, industry… adding more mandates every year!
• Need to meet AND demonstrate compliance
• Compliance costs are unsustainable
• Report and audit
90% of companies are behind in compliance
Source: IT Policy Compliance Group, 2007.
7. Higher Costs Than Ever…
• User Management Costs
• User Productivity Costs
• Compliance & Remediation Costs
• Security Breach Remediation Costs
It Adds Up
9. IdM Centralizes & Strengthens Security
• Centralized security and policy management
– Consistent policies enforced across enterprise
– Accelerated compliance with evolving mandates
• Automated provisioning / de-provisioning
– Role based user provisioning and de-provisioning
– Automated updates triggered by user status change
• Single Sign-On, Delegated Administration, Risk-based Access
– Reduce password compromises
– Delegate policy administration to business owners
– Proactively defend against sophisticated security threats
10. IdM Streamlines IT Efficiency
• Lower Administrative costs
– Cost savings via reduced help desk calls
– Automated and aggregated audit reporting
• Enhanced User Productivity
– Reduce time to access systems from days to minutes
– Automated provisioning – 212% ROI within 6 months [1]
• Enhanced IT Productivity
– Developers re-use centralized security functions
– Accelerated application deployments
[1] Forrester Research Report – TEI Study of Oracle Identity Manager 2008
11. Oracle Security Inside Out
Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration
Identity Management
• User Provisioning
• Role Management
• Entitlements Management
• Risk-Based Access Control
• Virtual Directories
Information Rights Management
• Document-level access control
• All copies, regardless of location (even beyond the firewall)
• Auditing and revocation
[Diagram labels: Information; Infrastructure; Databases; Applications; Content]
12. Oracle’s Identity Management
Comprehensive Suite of Best-Of-Breed Products
Identity Admin.
• Identity Manager
• Role Manager
Access Management
• Access Manager
• Adaptive Access Manager
• Enterprise Single Sign-On
• Identity Federation
• Entitlements Server
Directory Services
• Internet Directory
• Virtual Directory
Audit & Compliance
• Identity & Access Management Suite
Manageability
• Enterprise Manager IdM Pack
13. Oracle Identity Administration
Sustainable Compliance With High ROI
[Diagram labels: Identity & Role Reconciliation; Identity Data; E-Mail; Directory Server; Databases & OS/Legacy; HR Applications; Applications; Other Sources; Physical Security]
14. Role Based User Provisioning
Oracle Identity Manager
[Diagram labels: Employee Joins / Departs; HR System; Approval Workflows; Applications; GRANT / REVOKE]
• Automate Roles Based Provisioning / Deprovisioning
• Identify orphaned accounts
• Report on “Who has access to what”
• Self-service requests
16. Self Service and Delegated Admin
[Screenshots: Delegated Admin (manager assigning proxy user); Self-Service (user doing password reset)]
• Self Service Account Requests
• Delegated Administration
• Password Reset and Profile Management
17. Role Management
[Diagram labels: Business Role; Assigned Project; Location UK; E-mail App; General Ledger App; CRM App; Benefits App]
• Centralized role management
• Role and rule-based provisioning
• Map business roles to IT roles & privileges
• Multi-dimensional role hierarchies
18. Oracle Access Management Suite
Centralized Security and Improved Business Agility
[Diagram labels: Single Sign On Across Enterprise Portals; Kerberos & Basic Auth.; Risk-based Strong Authentication; Secure Mutual Authentication; Biometric; Smart Card; Entitlements Management; Standards-based Federation; Packaged Apps; Custom Apps]
19. Entitlements Management
Before
• Hard-coded security policies
• Brittle policy management
• Application policy silos
After
• Externalized entitlements
• Agile business policies
• Centralized policy management
[Diagram labels: App; Application; Oracle Access Management Suite]
20. Challenges With Entitlements
• Are subject to massive proliferation & “creep”
• Need to rely upon lots of context before making a decision
• Must work hand-in-hand with your existing Identity Management and Provisioning solutions
• Should be consistent across implementations
• Policies can and do evolve independently from your application’s requirements
• Entitlements implemented inside your application code are hard to change
Bottom Line: Changing your policies means changing your applications
21. Risk-Based Access Control
Oracle Access Management Suite
[Diagram labels: Secure Mutual Authentication; Risk Scoring; Risk-Based Authorization; Device; Geography; Time; Activity]
• Real time fraud prevention
• “Auto Learning” behavior profiling
• Pattern and anomaly detection
22. Oracle Directory Services
Rapid Application Deployment Accelerates IT Agility
[Diagram labels: Any Application; Standard LDAP & Java APIs; Dynamically binds at Runtime; Oracle Virtual Directory; Virtualizes Access to Id-Stores; Directory Services Mgr.; Multiple DBMS; Multiple Directories; HR Applications; Mainframe/Legacy]
23. Audit And Compliance Features (1/2)
• Integrated architecture and data store
– High performance
– Integrate once for compliance and provisioning
– Aggregated audit and compliance data
– OOTB process automation integration
• Audit data capture
– User profile and group history
– User membership history
– User entitlement history
– Attestation review and action history
– Form versioning
– Workflow task status history
24. Audit And Compliance Features (2/2)
• Reporting framework
– Pluggable and customizable architecture for standard reports
– 3rd party reporting tools support
– Out-of-the-box reporting DB with 37 reports
• Attestation
– Entitlement review
– User centric and/or application centric reviews
– Out-of-the-box delegate and decline processes
– Fully integrated to workflow engine
• Denial access policy
– Prevention of non-compliant accounts and privileges
25. Web-Based Attestation
1 Set Up Periodic Review
– What Is Reviewed?
– Who Reviews It?
– Start When? How Often?
2 Reviewer Is Notified, Goes to Self Service
3 Automated Action is taken based on Periodic Review Reviewer Selections
– Certify: Email Result to User
– Reject: Automatically Terminate User
– Decline: Notify the Process Owner
– Delegate: Notify Delegated Reviewer
4 Report Built And Results Stored in DB
– Archive: Attested Data; Attestation Actions; Comments; Delegation Paths
26. Attestation
Certification Data
• User Attributes
• Role Memberships
• Role Based Entitlement Grants
• Exception Entitlement Grants
• Role Definition
• Role Entitlement Mapping
Scheduling
• Periodic Scheduling
• Event Based Attestation for On-Boarding, Transfers & Termination
• Attestation Reminders & Escalations
• Closed Loop Remediation with OIM Integration
360 Degree View
• Business Glossary
• Audit Exceptions
• Historical Data
• Approval Data
• Dashboards for Compliance Officers
• Spreadsheet Exports
27. Oracle Security Inside Out
Database Security
Identity Management
Information Rights Management
• Document-level access control
• All copies, regardless of location (even beyond the firewall)
• Auditing and revocation
[Diagram labels: Information; Infrastructure; Databases; Applications; Content]
28. Information Rights Management
Securing Data Beyond the Application
[Diagram labels: Applications; Seal; Distribute; Users; Oracle IRM Management Console; Oracle IRM Desktop; Oracle IRM Server; Automatic sync of rights/audit; Secure offline cache; Audit; Business Managers or IT Admins; Oracle Identity Management]
29. Information Centric Security Solutions
INFORMATION RIGHTS MANAGEMENT
• Centralized Access Control
• Document Revocation (Digital Shredding)
• Document Activity Monitoring and Audit
IDENTITY AND ACCESS MANAGEMENT
• Identity Administration
• Directory Services
• Access Management
DATABASE SECURITY
• Activity Monitoring
• Access Control and Authorization
• Encryption and Data Masking
[Diagram labels: Content; Applications; Databases]
30. Investing in Security Pays Off in Sustainable Compliance
Enforce Controls
• Segregation of duties
• Access control
Monitor Controls
• Who accessed what?
• Who changed what?
Streamline Processes
• Attestation / Recertification
Automate Reporting
• Out-of-the-box compliance reports
• Customized reports
[Diagram labels: Oracle Security Solutions; ENFORCE CONTROLS; MONITOR CONTROLS; STREAMLINE PROCESSES; AUTOMATE REPORTING]
31. Identity Management Market Leader
“Oracle is currently the IdM vendor to beat”
- Burton VantagePoint 2008: Identity and Privacy Trends
“Oracle has established itself as Leader.”
- The Forrester Wave: Identity And Access Management, Q1 2008
“Oracle assumes the No. 1 position”
- Earl Perkins, Perry Carpenter, Aug. 15 2008 (Research G00159740)
[Chart titles: User Provisioning, H2 2008; Web Access Management, H2 2008]
33. For More Information
Get Started
• Visit the Oracle Fusion Middleware 11g web site at http://www.oracle.com/fusionmiddleware11g
• Oracle Fusion Middleware on oracle.com: www.oracle.com/middleware
• Oracle Fusion Middleware on OTN: http://otn.oracle.com/middleware
Resources
• Visit the Oracle IdM Website at: http://oracle.com/identity
• Technical information available at: http://otn.oracle.com/
• Talk to an Oracle IdM Specialist: 1-800-633-0738
• View demos, videos, iseminars, whitepapers: http://oracle.com/identity