Building a Comprehensive Identity Roadmap
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
Agenda

         •  Getting Started

         •  Roadmap Complexity

         •  Quick Wins

         •  Increasing Maturity

         •  The Cloud
Building a Roadmap is Complicated
It’s a Task of Prioritization and Opportunity Overlap

         •  Business vs. Application Owners

         •  Compliance vs. Risk

         •  Multiple Priorities

         •  Timeline & Deliverables
Assess The Business Opportunity
Compliance, Risk and Economic Opportunities
Security
         •  Regulatory Compliance
         •  Internal Governance
         •  Security Risk

Efficiency
         •  User Productivity
         •  Operational Cost
         •  Opportunity Cost

Scale (3X)
         •  New Customers
         •  Quality of Service
Look at Top Regulatory Audit Exposures

         •  Orphaned Accounts: … who separated …ave …nts
         •  Excessive Access: Aggregation of access privileges beyond job role
         •  Password Aging: Enforcing strong passwords, regular user password reset
         •  Access Certification: Review regulated application access and attestation
         •  Separation of Duties: Conflicti… privilege… busines… firewall…

… out of 10 customers tackle the orphaned account issue first
Look at role management and analytics to address certification
Role based provisioning to address excessive access
Assess Existing Infrastructure
Gap of Current Capability vs. Desired Capability

Administration
         •  On-boarding
         •  Off-boarding
         •  Self-service
         •  Privileged access
         •  Delegated admin

Authentication
         •  Sign-on
         •  Password aging
         •  Web-SSO
         •  Password management

Authorization
         •  Declarative security
         •  Fine-grained entitlements
         •  Federated access

Audit
         •  Entitlement review
         •  Role lifecycle
         •  Access remediation
Roadmap Capabilities to Maturity
          Prioritize on Complexity and Control
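[Chart: vertical axis Control, horizontal axis Complexity (LOW to HIGH). Capabilities plotted from low to high:]
         •  Central Authentication
         •  Master User Index
         •  Password Management
         •  Single-Sign On
         •  User Self Service, Adaptive Access
         •  User Lifecycle, Role Management
         •  Risk Analytics
         •  External …, SOA Sec…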
Start with Figuring out Who’s Who
Corporate Directories are Low Hanging Fruit

         •  … for Convergence Opportunities
         •  Reduce number of separate identity silos
         •  …ansion Shared Services vs. LOB IT
         •  Compliance and Security Requirements

[Diagram: Corporate LDAP, Customer LDAP, Extranet LDAP and LOB directories serving Employees/Partners/Customers and Business Affiliates/Subsidiaries; labels Virtual, Storage, Synch]

“Convergence drives Unification”
         •  Lower TCO
         •  Lower Administration Effort
         •  Improved User Experience
Passwords Provide Quick Win
Quick ROI on Compliance and Reduce Risk

         •  140% ROI
         •  12 months Payback period
         •  50% of Help Desk Calls are Password Related
         •  $40 Average Cost of Every Call to Help Desk Change Password

Source: ESSO Buyer’s Guide, Sep 2011

         •  86% of Hacking Involve Lost, Stolen or Weak Credentials (Verizon Data Breach Report, 2010)

Link: http://bit.ly/OperantConditioning
Address Internal Governance
Administration and Risk Analytics

         •  Accountability for access
         •  Measuring effectiveness & risk
         •  Prevent audit violations
         •  Sustainable audit process
         •  Coverage across systems

[Diagram: User Provisioning, Certification Review]
Declarative Security & External Authorization
Secure SOA, Portals, Data and Home Grown Apps


         •  Protect Your Data
         •  Secure Transactions
         •  Central Audit Control
         •  SoD Checking
         •  Role Based Access

[Diagram: three App boxes]
Administration: Connect it All
Shopping Cart Convenience
         •  User Satisfaction
         •  Reduce Helpdesk Cost
         •  Audit Trail
         •  Track Access Privileges
         •  Standardize Workflow
         •  Simplify New Service Rollout

[Diagram: Users, Managers, …og, Cart; Roles, Entitlements, Apps]
Become Context Aware
Prevent and Detect Anomalous Behavior

Reducing Surface Area of Attacks: 89% Preventable Breaches

ROI      Payback period    Total benefits    Total costs     Net benefits
106%     12.1 months       $6,007,641        ($2,912,513)    $3,095,129

Source: “Adaptive Access Management: An ROI Study”, a commissioned study conducted by IDC on behalf of Oracle, 2010
Dimensions of Cloud Identity Management


         •  Are you using cloud apps? Identity as a Bridge to Cloud
         •  Are you building cloud apps? Identity as a Foundation for Cloud
         •  Do you need IdM but don’t want to maintain it? Identity Hosted as a Cloud Service
Identity Management Bridges the Gap

Scalable Repository
         •  Identity Synch
         •  Identity Virtualization
         •  Reporting

Access
         •  Single-sign on
         •  Password policy
         •  Authorization policy
         •  Entitlements

Administration
         •  Role Mgmt
         •  Provisioning
         •  Identity Analytics
         •  Certification

Adaptive Access
         •  Context / Risk Aware
         •  Anomaly Detection
         •  Fraud Detection

[Diagram labels: Identity, AuthN and AuthZ, Administration, Audit, Risk Management; Tools, Point Solutions, Platform, Intelligence; left-hand labels …d, …d Cloud, …use Cloud]
Summary

         •  Prioritize Based on Complexity
         •  Assess Existing Infrastructure
         •  Look For Quick Wins
         •  Plan For Cloud
www.oracle.com/Identity


www.facebook.com/OracleIDM
www.twitter.com/OracleIDM


blogs.oracle.com/OracleIDM
