Agenda
State of enterprise security and the need for IAM
Oracle solutions
Industry validations and customer success stories
The future of Oracle IAM
Summary and best practice
Q&A
Today's IT Challenges
Complex
Repeated point-to-point integrations
Mostly manual operations
Non-compliant
Difficult to enforce consistent set of policies
Difficult to measure compliance with those policies
Identity Administration
Identity Lifecycle Administration
Role & Membership Administration
Provisioning & Reconciliation
Directory Services
Virtualization
Synchronization
Storage
Compliance Automation
Management
Service Levels
Configuration
Performance
Automation
Identity Administration
Directory Services
Management
Oracle Enterprise Manager for Identity Management
Leader in Magic Quadrants
User Provisioning, 1H 2006
Web Access Management, 2H 2006
Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Heterogeneous Support
Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments. - Ray Wagner, Gartner, October 2006
Portals
Application/Web Servers
Applications
Groupware
Directories
Operating Systems
ACF-2 & TSS RACF
Standards Support
Contribute and lead
SSTC (SAML Working Group) - Co-Chair
Liberty Alliance - President, Board Member
WSS, WS-SX (Web Services Security) - Author
SPML - Author
XACML - Voting member
Implement
Accelerate product development
Simplify product integration & minimize TCO
Innovate
Enable Identity Services Framework: CARML, AAPML
Standards for end-to-end security
Access Control
Single Sign-On
Federation
Features
Web single sign-on
Common policy management
Multi-level, multi-factor authentication management
Self-service and delegated administration
Workflow engine
Web Services interfaces
Features
Sign-on to any Windows, web, host, mainframe or Java application
Use any combination of tokens, smart cards, biometrics and passwords
Automatic inactive-session termination and application shutdown for shared workstations
Reset Windows password directly from locked workstation
Features
Seamless SSO and identity sharing
Multi-protocol gateway
SAML, Liberty, WS-Federation
Service Provider or Identity Provider
Flexible deployment configurations
Standalone for use with pre-existing web-access management solution
Protocol SDK for custom applications
Quick and simple deployment
Provide standard (J2EE) policy enforcement points
Enable SLA definition and monitoring, quality of service reporting.
Features
Declarative policy (no coding)
Rich library of pre-built policies
Centralized policy management with local enforcement
Supports WS-Security
Integrated security for SOA Suite/Services infrastructure
Identity Administration
Lifecycle Administration
Compliance Automation
Features
Identity life-cycle management for the heterogeneous enterprise
Approval and provisioning workflows
Role-based access control
Complete integration solutions: OOTB connectors & Adapter Factory
Deep integration to ERP and HRMS
Audit and compliance reporting and process automation
Directory Services
Virtualization
Synchronization
Storage
Features
Modern Java & Web Services technology
Virtualization, proxy, join & routing capabilities
Superior extensibility
Scalable multi-site administration
Direct data access
Features
Full-featured LDAP server with an RDBMS data store
Industry-leading scalability and HA capabilities
Strong Oracle platform integration
VSLDAP certified and EAL4 compliant
Entity-level directory synchronization support for all major directory products (DIP)
Attestation
Segregation Of Duties
Controls
Cost-effective compliance
Enhance data integrity and auditability
Real-time and consistent enforcements
Enable compliance to SOX, GLB, HIPAA, J-SOX,
Comprehensive historical and temporal audit data
Comprehensive operational and historical reports
Attestation of entitlements
Segregation of duties via denial policies
Comprehensive system and exception logging
Integration with Audit Vault, ICM, and 3rd party compliance products
Features
Management
Service Levels
Performance
Configuration
Automation
Features
Automated modeling of IAM components and infrastructure
Define SLA, monitor and report
Response time, throughput, usage metrics, Server, application, and user-level metrics
Automated discovery of IAM components and infrastructure
Discover & track configuration attributes / values
Installing, Patching, Upgrading, Cloning
Development, Test, Production
Healthcare
BUSINESS CHALLENGE
Critical systems vulnerable to unmanaged & orphaned system accounts
No detailed audit trails of each user's access rights, current and historical
Reduce the cost of user administration from $30.00 per access modification
Comply with external regulations: Sarbanes-Oxley & Gramm-Leach-Bliley Acts
ORACLE SOLUTION
Lehman selected Oracle Identity Manager over IBM, Sun, and CA
Very flexible (adaptable), open architecture simplified integration
Integrated with 800+ business applications
GUI-based business rule development
RESULTS
Day-one access lead time reduced to < 5 mins
Knowing Who Has Access to What = Priceless
Eliminated ghost accounts via reconciliation of local administrative changes across 650 managed systems
Reduced compliance effort across 50 SOX-critical applications by 12 man-weeks
Award-winning deployment
BUSINESS CHALLENGE
Wanted to obtain engineering drawings, blueprints, color coding reports and other technical documents from the manufacturer via the Web
Increase efficiency
Reduce the business costs of transactions with the aircraft manufacturers
ORACLE SOLUTION
Oracle Access Manager and Oracle Identity Federation
Six-week implementation
1st in airline industry to implement SAML
RESULTS
Oracle Access Manager solution saves Southwest $30/month per employee, 40k users, for a total of $1.2 million per month.
Also reduced equipment idle time at $15,000 per hour.
BUSINESS CHALLENGE
DTI wanted to provide 12000 state employees with self-service HR capability.
It also wanted to initiate eGovernment efforts to offer Delaware residents the ability to do common online tasks.
Most of the self-service tasks were manual and paper/fax based.
ORACLE SOLUTION
Oracle Access Manager, Oracle Virtual Directory, and OID chosen over Sun and CA, May 2006
150K External Users, 12K Internal Users
Oracle Solution works with IBM WebSphere midtier and PeopleSoft HR
Oracle was able to demonstrate a web services based identity management solution
RESULTS
User self-service expected to lower cost and improve user adoption
Improved security and efficiency by migrating manual self-service tasks to an automated system
Looking Ahead
Oracle will broaden security product portfolio
Strategic priority for Oracle development
Strong authentication, role management, compliance
Project Fusion
Single security model across Enterprise Applications Suite
Enforced uniformly at all parts of technology infrastructure
Across entire life-cycle from development to maintenance
Business Functions
Enterprise Identity Management Infrastructure
Policy & Orchestration
Virtualization & User Store