Introduction To Oracle Identity And Access Management (IAM)
Shujaat Ali, Sr. Security Specialist, Public Sector Sales Consulting
Agenda
State of enterprise security and the need for IAM; Oracle solutions; Industry validations and customer success stories; The future of Oracle IAM; Summary and best practice; Q&A
5 Questions to ask your CISO
Q: What's posted on this monitor?
a) password to financial application; b) phone messages; c) to-dos
Q: What determines your employees' access?
a) give Alice whatever Wally has; b) roles, attributes, and requests; c) whatever her manager says
Q: Who is the most privileged user in your enterprise?
a) security administrator; b) CFO; c) the 3-peat summer intern who is now working for your competitor
Q: How secure is your identity data?
a) It is in 18 different secured stores; b) We protect the admin passwords; c) Privacy? We don't hold credit card numbers
Q: How much are manual compliance controls costing your organization?
a) nothing, no new headcount; b) don't ask; c) don't know
Today's IT Challenges
More Compliant Business
Increasing regulatory demands; Increasing privacy concerns; Business viability concerns
More Agile Business
More accessibility for employees, customers and partners; Higher level of B2B integrations; Faster reaction to changing requirements
More Secured Business
Organized crime; Identity theft; Intellectual property theft; Constant global threats
State Of Security In Enterprise
Incomplete
Multiple point solutions from many vendors; Disparate technologies that don't work together
Complex
Repeated point-to-point integrations; Mostly manual operations
Non-compliant
Difficult to enforce consistent set of policies; Difficult to measure compliance with those policies
Identity Management Values
Trusted and reliable security; Efficient regulatory compliance; Lower administrative and development costs; Enable online business networks; Better end-user experience
Identity & Access Management
Access Control
Authentication & Authorization
Single Sign-On; Federation
Identity Administration
Identity Lifecycle Administration
Role & Membership Administration; Provisioning & Reconciliation
Directory Services
Virtualization; Synchronization; Storage
Web Services Security
Compliance Automation
Audit & Compliance
Audit Data; Attestation; Segregation of Duties; Controls
Management
Service Levels; Configuration; Performance; Automation
Oracle IAM Products
Access Control
Oracle Access Manager; Oracle Enterprise Single Sign-On; Oracle Identity Manager; Oracle Identity Federation; Oracle Web Services Manager; Oracle Virtual Directory; Oracle Internet Directory (with Directory Integration Platform)
Identity Administration
Directory Services
Audit & Compliance
Oracle Identity & Access Management Suite
Management
Oracle Enterprise Manager for Identity Management
Leader in Magic Quadrants
User Provisioning, 1H 2006
Web Access Management, 2H 2006
Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Heterogeneous Support
Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments. - Ray Wagner, Gartner, October 2006
Portals
Application/Web Servers
Applications
Groupware
Directories
Operating Systems
ACF-2 & TSS RACF
Standards Support
Contribute and lead
SSTC (SAML Working Group) - Co-Chair; Liberty Alliance - President, Board Member; WSS, WS-SX (Web Services Security) - Author; SPML - Author; XACML - Voting member
Implement
Accelerate product development; Simplify product integration & minimize TCO
Innovate
Enable Identity Services Framework: CARML, AAPML; Standards for end-to-end security
Access Control
Authentication & Authorization
Single Sign-On
Federation
Web Services Security
Oracle Access Manager (Web)
Oracle eSSO Suite (Desktop/Legacy)
Oracle Identity Federation
Oracle Web Services Manager
Oracle Access Manager
Benefits
Centralized and consistent security across heterogeneous environments; Reduced administration cost; Improved end user experience
Oracle Access Manager (Web)
Features
Web single-sign-on; Common policy management; Multi-level, multi-factor authentication management; Self-service and delegated administration; Workflow engine; Web Services interfaces
Oracle Enterprise SSO
Benefits
Eliminates forgotten passwords for Windows desktop and applications; Improves security & user experience; Meet regulatory compliance
Oracle eSSO Suite (Desktop/Legacy)
Features
Sign-on to any Windows, web, host, mainframe or Java application; Use any combination of tokens, smart cards, biometrics and passwords; Auto inactive session termination and application shutdown for shared workstation; Reset Windows password directly from locked workstation
Oracle Identity Federation
Benefits
Secured integration with partners; Reduced administration cost; Improved end user experience
Oracle Identity Federation
Features
Seamless SSO and identity sharing; Multi-protocol gateway: SAML, Liberty, WS-Federation; Service Provider or Identity Provider; Flexible deployment configurations; Standalone for use with pre-existing web-access management solution; Protocol SDK for custom applications
Oracle Web Services Mgr.
Benefits
Oracle Web Services Manager
Quick and simple deployment; Provide standard (J2EE) policy enforcement points; Enable SLA definition and monitoring, quality of service reporting.
Features
Declarative policy (no coding); Rich library of pre-built policies; Centralized policy management with local enforcement; Supports WS-Security; Integrated security for SOA Suite/Services infrastructure
Identity Administration
Lifecycle Administration
Role & Membership Administration
Provisioning & Reconciliation
Compliance Automation
Oracle Identity Manager
Oracle Identity Manager
Benefits
Reduced administration cost; Cost effective regulatory compliance; Improved security; Improved service level
Oracle Identity Manager
Features
Identity life-cycle management for the heterogeneous enterprise; Approval and provisioning workflows; Role based access control; Complete integration solutions: OOTB connectors & Adapter Factory; Deep integration to ERP and HRMS; Audit and compliance reporting and process automation
Directory Services
Virtualization
Synchronization
Storage
Oracle Virtual Directory
Oracle Directory Integration Platform
Oracle Internet Directory
Oracle Virtual Directory
Benefits
Rapid application deployment; Tighter controls on identity data; Real-time identity information access
Oracle Virtual Directory
Features
Modern Java & Web Services technology; Virtualization, proxy, join & routing capabilities; Superior extensibility; Scalable multi-site administration; Direct data access
Oracle Internet Directory with Directory Integration Platform
Benefits
Reduced operational cost with Oracle Grid support; Seamless integration with Oracle applications and products
Oracle Internet Directory
Features
Full feature LDAP server with a RDBMS data-store; Industry leading scalability and HA capabilities; Strong Oracle platform integration; VSLDAP certified and EAL4 compliant; Entity level directory synchronization support for all major directory products (DIP)
Identity Audit & Compliance
Audit Data & Reporting
Attestation
Segregation Of Duties
Controls
Oracle Identity & Access Management Suite
Identity Audit & Compliance
Benefits
Oracle Identity Audit & Compliance
Cost effective compliance; Enhance data integrity and auditability; Real time and consistent enforcements; Enable compliance to SOX, GLB, HIPAA, J-SOX
Features
Comprehensive historical and temporal audit data; Comprehensive operational and historical reports; Attestation of entitlements; Segregation of duties via denial policies; Comprehensive system and exception logging; Integration with Audit Vault, ICM, and 3rd party compliance products
Management
Service Levels
Performance
Configuration
Automation
Oracle Enterprise Manager For Identity Management
Oracle Enterprise Manager for Identity Management
Benefits
Actively manage IdM service levels; Rigorous management of IdM technology stack; Simplified deployment, patching, and upgrade
Oracle Enterprise Manager
Features
Automated modeling of IAM components and infrastructure; Define SLA, monitor and report; Response time, throughput, usage metrics, Server, application, and user level metrics; Automated discovery of IAM components and infrastructure; Discover & track configuration attributes / values; Installing, Patching, Upgrading, Cloning; Development, Test, Production
Identity Management Customers
Some Sample References
Financial Services
Retail & Services
Manufacturing & Transportation
Technology & Communications
Government & Public Sector
Healthcare
Case Study: Lehman Brothers
GLB & SOX Compliance
BUSINESS CHALLENGE: Critical systems vulnerable to unmanaged & orphaned system accounts; No detailed audit trails of each user's access rights, current and historical; Reduce the cost of user administration from $30.00 per access modification; Comply with external regulations: Sarbanes Oxley & Gramm-Leach-Bliley Acts
ORACLE SOLUTION: Lehman selected Oracle Identity Manager over IBM, Sun, and CA; Very flexible (adaptable), open architecture simplified integration; Integrated with 800+ business applications; GUI-based business rule development
RESULTS: Day one access lead time reduced to < 5 mins; Knowing Who Has Access to What = Priceless; Eliminated ghost accounts via reconciliation of local administrative changes across 650 managed systems; Reduced compliance effort across 50 SOX-critical applications by 12 man weeks; Award winning deployment
Case Study: Southwest Airlines
Seamless B2B Integration & Low TCO
BUSINESS CHALLENGE: Wanted to obtain engineering drawings, blueprints, color coding reports and other technical documents from the manufacturer via the Web; Increase efficiency; Reduce the business costs of transactions with the aircraft manufacturers
ORACLE SOLUTION: Oracle Access Manager and Oracle Identity Federation; Six week implementation; 1st in airline industry to implement SAML
RESULTS: Oracle Access Manager solution saves Southwest $30/month per employee, 40k users, for a total of $1.2 million per month. Also reduced equipment idle time at $15,000 per hour.
Case Study: State of Delaware
Convergence of HR and Identity Data
BUSINESS CHALLENGE: DTI wanted to provide 12000 state employees with self service HR capability. It also wanted to initiate eGovernment efforts to offer Delaware residents the ability to do common online tasks. Most of the self service tasks were manual and paper/fax based.
ORACLE SOLUTION: Oracle Access Manager, Oracle Virtual Directory, and OID chosen over Sun and CA, May 2006; 150K External Users, 12K Internal Users; Oracle Solution works with IBM WebSphere midtier and PeopleSoft HR; Oracle was able to demonstrate a web services based identity management solution
RESULTS: User self service expected to lower cost and improve user adoption; Improved security and efficiency by migrating manual self service tasks to an automated system
Looking Ahead
Oracle will broaden security product portfolio
Strategic priority for Oracle development; Strong authentication, role management, compliance
From security silos to built-in security
Built into databases, middleware, enterprise applications; Identity Services Framework
Project Fusion
Single security model across Enterprise Applications Suite; Enforced uniformly at all parts of technology infrastructure; Across entire life-cycle from development to maintenance
Identity Services Framework
Oracle Fusion Applications & Middleware Business Functions 3rd Party ISF Aware Applications Custom Developed ISF Aware Applications Business Functions Legacy Applications Business Functions Authentication User Authorization Management Federation Legacy Integration Interface Connectors, Agents
Business Functions
Oracle IAM Suite with Identity Services Framework
Service Interfaces: WS-*, SPML, SAML, XACML, CARML
Identity Services: Authentication; Authorization; Provisioning; Administration; Identity Provider; Role Provider; Audit; Federation & Trust
Enterprise Identity Management Infrastructure: Policy & Orchestration; Virtualization & User Store
Key Oracle Differentiators
Complete suite of best-of-breed products
Complete & best integrated identity management suite; Includes compliance, virtualization and system management; Market leadership validated by press and analysts
Proven for large scale deployments
Large, complex, and award winning deployments; Broad customer base and use cases; Large referenceable customer base
Best long-term investment
Strong support of open standards and hot-pluggable strategy; Pre-integrated with Oracle products: DB, middleware, apps; Pre-integrated with over 50 applications and infrastructure; Underpins Oracle's next generation of Fusion Applications
Key To Successful IAM Projects
Establish the strategic nature of I&AM; Focus on processes and people, technology is only an enabler; Obtain executive support and buy-in; Develop overall business requirements and a starting point: directory, access management or provisioning; Select software based on requirements of today and the future; Follow a phased approach for integration of applications and different types of users; Get developers on board early on for integration with consolidated authentication, authorization and identity services; Put in place a comprehensive change management and communication plan