Leverage. Extend. Automate. Protect.

“Leap Forward”
with Oracle Identity Management
Chris Fox, CISSP | Principal Security Consultant | chris.fox@oracle.com
The following is intended to outline our
general product direction. It is intended for
information purposes only, and may not be
incorporated into any contract. It is not a
commitment to deliver any material, code, or
functionality, and should not be relied upon
in making purchasing decisions.
The development, release, and timing of any
features or functionality described for
Oracle’s products remains at the sole
discretion of Oracle.

“Leap Forward” with
Oracle Identity Management for

• Leverage – Your Oracle Application investment
• Extend – Its capabilities to solve common security problems, drive down costs and boost end user productivity
• Automate – Costly and Time-Consuming User Management, User Access, Access Recertification and Reporting processes
• Protect – Your Oracle Application “to the Core” with strong access controls, segregation of duties and data protection

Leverage Extend Automate Protect


Oracle IDM Drives Productivity!

[Chart: Annual Minutes Required for Identity Management & Related Audit Requirements; Business-as-Usual vs. Oracle IDM, Year 1 to Year 4]
[Chart: Annual Cost Comparison, Business-as-Usual vs. Oracle IDM, Year 1 to Year 4]

• Productivity
• User Satisfaction
• Identity & Audit Costs Down 55%

Identity & Audit Tasks:
• User Administration
• Password Reset
• Internal Audit

$7.4M Savings over 4 Years
$3M Year-Over-Year Savings Once Fully Deployed!

Today’s Agenda

• Security + Compliance Issues Application Customers Face
• Solving Issues with Oracle Identity Management and Security
• Automating User & Password Management
• Simplifying Sign On & Centralizing Access Management
• Streamline Governance, Risk and Compliance
• ‘Real World’ Case Studies
• Oracle Application customers using Identity Management today?

Leverage.

Oracle Applications are a Great Foundation!

[Diagram labels: Develop, Market, Sell, Order, Plan, Procure, Make, Fulfill, Service, Maintain, Finance, HCM, Projects, Contracts]


Human Capital Management At-a-Glance

Labor Sourcing: Demand Forecasting, Recruiting, Contractor Hiring, Supplier Relations, Offer Negotiations, On-Boarding
Workforce Mgmt: People Services, Deployment, Development, Compensation, Labor Relations, Compliance, Organization
Post Employment: Termination, Re-Hires, Benefits, References, Records
People: Managers, Employees, Contractors, Former Employees

“Success of strategic business initiatives often depends on identification, development, and ongoing management of work skills & professional expertise, leading to accelerated achievement of strategic objectives.”
-- Jennifer Volmer, Research Analyst

Overall Business Pressures

Aging & Retiring Workforce
• How can I attract workers with key competencies & skills?
• How can I develop an agile workforce to support my changing business?

Governance & Compliance
• How can I keep pace with changing privacy laws & safety regulations?
• How can I gain greater control of processes, data, and approvals?

Emerging Markets, New Organizations
• What is the best way to service an increasingly global workforce?
• How can I simplify complex processes across the organization?

Reduce Costs While Improving HR Service
• Where can I cut costs & improve workforce mgmt efficiencies?
• How can I manage and improve workforce utilization?

[Diagram center: Labor Sourcing, Workforce Management, Post Employment]

“Top Security Issues”

• Managing Users and Entitlements
• User Access and Password Management
• Governance, Risk and Compliance


Issue #1: Managing Users and Entitlements

1 Creating user accounts and granting fine-grained entitlements (Roles, Responsibilities) is manual and costly
2 Transfers are hard to handle and removing excessive privileges doesn’t happen fast enough
3 Requesting new user access is a manual effort that takes too long
4 Access approvals are manual, email-driven, aren’t unique for the access request and aren’t auditable
5 Removing user access and entitlements upon termination takes too long and has lots of spot issues


Issue #2: Access and Password Management

1 We want to make access to applications easier by either using SSO or the user’s AD password
2 Users forget their passwords, we need a way for them to reset it themselves
3 We’d like to use SSO, but have to be sure we know who the user is and prevent fraud
4 We’d like to expose our applications externally to all users over the web vs. VPN but don’t have confidence
5 We need fine-grained access control of application data (at the UI and database levels)


Issue #3: Governance, Risk and Compliance

1 “Who has” and “Who had access to what?” and “Why?” reports are manual and sometimes impossible
2 Segregation of Duties (SoD) within the application is difficult to achieve even at a ‘detective’ level
3 Orphaned/ghost accounts are very hard to detect and eliminate. There could be hundreds or thousands?
4 We can’t ensure the protection of our application’s database data and prove controls are working
5 Out of all these issues, “Periodic Access Reviews” are the most complex, costly and time-intensive task


We know the “Real World” Isn’t Easy!



What Application Customers Are Asking For…

• Business Users
  • Need User Accounts and Entitlements As Fast As Possible
  • Want Simplified Access To ALL Applications
  • Minimize or Synchronize the passwords
• IT Personnel
  • Needs Help Simplifying User Management For:
    • Employees
    • Customers
    • Partners
  • Want workflow to automate manual processes
  • Need Tools To Manage IT Systems With Less Effort
• Information Security and Audit
  • Need To Understand Risk And What To Protect
  • Want to Protect Data From Compromise
  • Looking to Review User Access in less time
  • Need Reports For “Who Has (And Had) Access To What?”


Extend.

We Can Fix These Issues Today

Automate:
• Automate User & Responsibility Management
• Secure, Risk-Based Single Sign On
• Self Service Password Reset and Account Requests

Protect:
• Web-Based Periodic Access Review
• Preventative Segregation of Duties Controls
• Strong Access Controls and Data Protection


“Securing, Automating and Auditing” Oracle Applications

Get Productive! Get Compliant!

• HR-Driven User Mgmt: Automatically on-board, transfer and off-board users based on HR events
• Role-Based Access: Automatically grant User rights and generate auditable approval workflows
• Risk-Based SSO: Users access to apps on Day 1 using SSO and optional strong authentication that employs risk analytics
• Self Service: Web-based home page for requesting new access rights and changing passwords
• Segregation of Duties: “Preventative and Detective” SoD ensure compliance and reports are generated for audit
• Periodic Access Review: Web-Based, Interface used to schedule, delegate, track, complete and view reports for audit
• Data Protection: “Edge to Core” security of User application data ensures users only get access to what they need


Oracle IdM is “Certified and Ready”

Access Manager, Adaptive Access Manager, Identity Federation, Entitlement Server
In Progress, In Progress, In Progress, In Progress

Enterprise SSO Suite, Identity Manager, Role Manager

Internet Directory, Virtual Directory

Web Services Manager

Out-of-The-Box Connectors Certified Interoperability


Automate.

How Do We ‘Automate Security’?

• Automate User & Responsibility Management
• Secure, Risk-Based Single Sign On
• Self Service Password Reset and Account Requests
• Web-Based Periodic Access Review
• Preventative Segregation of Duties Controls
• Strong Access Controls and Data Protection


Automated User and Responsibility Management

Issue to Address
• Creating user accounts and granting them the Entitlements they need is manual and costly
• Transfers are hard to handle. Termination of unused privileges isn’t happening fast enough
• Removing access and entitlements upon termination takes too long and has spot issues
• Orphaned/ghost accounts are very hard to detect and eliminate. There could be thousands?

Solution
• Oracle Identity Manager
• Option: Oracle Role Manager


Automatic User and Responsibilities Mgmt
‘Single Global Instance’ of All Users

[Diagram labels: HR & Biz Applications; Other Sources (Flat Files, Databases, Directories); Oracle Identity Manager; User Account and Entitlements Created/Modified; Applications; Directories; Databases; Oracle Database]

‘Event-Driven’ Identity Management
• On-board, Transfer, Update, Off-board Users
• Add and Remove EBS Responsibilities
• Password Update and Synchronization

‘Certified’ EBS Integration

1. Pull lists of Who is in each system
1. Periodically Check for Rogue Identities
3. Remove Identities and/or Entitlements


Automatic User and Entitlement Mgmt
‘Single Global Instance’ of All Users

Manage Roles, Approvers & Orgs
Oracle Role Manager

[Diagram labels: HR and Other Applications; Oracle Role Manager; Oracle Identity Manager; Reports; Applications; Directories; Org Hierarchies; Databases]

Oracle Role Manager
• Role Mining
• Role Management
• Organization and Hierarchy Management
• “Who is the Approver?”

MAPS: Business Roles TO IT/System Roles TO Entitlements TO Approvers

Oracle Identity Manager
• Account Reconciliation
• Account Provisioning
• Entitlement Management
• Approval Workflows

Go To Identity Manager’s Self-Service and Approve Chris’ Request?


Manage Roles, Approvers & Orgs
Oracle Role Manager

• Role Mining
• Role Management
• Organization and Hierarchy Management
• “Who is the Approver?”


IDM Impact on User Management

[Chart: Business Days Required for New Account Creation; Before Oracle IDM Implementation vs. Today]
[Chart: Business Days Prior to Beginning of Class that Enrollment Closed]

Key Takeaways
• Then: 10 business days for account creation/modification and sometimes termination!
• Now: Under 1 day (could be real-time without approvals)
• Results:
  • Improved Customer Service
  • Reduced Cost

‘Automated Security’ for Oracle Applications

Automate:
• Automate User & Responsibility Management
• Secure, Risk-Based Single Sign On
• Self Service Password Reset and Account Requests


Secure, Risk-Based, Single Sign On

Issue to Address
• We want to make access to Apps easier by either using SSO or the user’s AD password
• We’d like to use SSO, but have to be sure we know who the user is and prevent fraud
• We’d like to expose more functionality externally but want higher levels of security

Solution
• Option #1: Oracle Directory Services
• Option #2: Other Access Suite Components: Oracle Access Manager & Adaptive Access Manager
• Option #3: Enterprise SSO Suite


Enable Single Sign-On
Oracle Access Manager (with/without OSSO)

• Desktop Login
• Extranet & Intranet SSO
• Self Service Registration
• Audit User Access
• Optional “Bolt-On” Stronger Authentication

[Diagram labels: Employees; Corporate Directory; Oracle Access Manager; Applications; Directories; Databases]


Automating User Sign-On

‘Bolt-On’ Fraud Prevention and Strong AuthN
Oracle Adaptive Access Manager

[Diagram labels: Suppliers, Employees, Customers; Adaptive Access Manager; Oracle Access Manager; Applications; Computed Risk Score from User, Location, Device]

• What A User Knows (Pin, Password, Challenge Questions)
• What A User Has (Device Fingerprinting)
• What a User Does (Behavior Pattern + Profiling)
• Where a User Is (Geo-Location Checking)

Prevents: Phishing, Pharming, Trojans, Key logging, Proxy Attacks, Insider threats


Case Study – Monster

BUSINESS CHALLENGE
• In August 2007, an automated attack was launched on Monster using compromised recruiter credentials which captured info on nearly 1.3M users.
• Monster has a current catalog of nearly 1M job ads and a database of 34M resumes.
• To preserve brand image without disrupting user behavior, Monster needed to protect users’ profile information and other phishing/pharming scams.
• Must support 18+ Million Users

ORACLE SOLUTION
• Oracle Adaptive Access Manager was chosen over RSA
• OAAM was able to focus on differentiating humans from automated (bot or trojan) authentication attempts and fraud detection
• Integrates into the Monster application framework
• Leverage “black lists” provided by Symantec DeepSight threat management service

RESULTS
• Expect to have a more secure site without altering end user experience
• Expect to restore brand image by providing stronger form of authentication

‘Automated Security’ for Oracle Applications

Automate:
• Automate User & Responsibility Management
• Secure, Risk-Based Single Sign On
• Self Service Password Reset and Account Requests


Self Service Password Reset & Account Requests

Issue to Address
• Requesting new entitlements on each system is a manual effort that takes too long
• Approval for new entitlements is a manual effort and isn’t auditable
• App users forget their password all the time, we need a way for them to reset it themselves

Solution
• Oracle Identity Manager


Web Based, User Self Service
Oracle Identity Manager

• Self Request & Removal of Responsibilities
• Dynamic Approval Routing per Responsibility
• Manager Self Service to complete Approvals
• Self Service Password Reset

[Diagram labels: Employees, Contractors, Suppliers; Oracle Identity Manager; Add Responsibilities; Change Password; Remove Responsibilities; Applications; Directories; Databases; Oracle Database]


Options for Obtaining Responsibilities

• Web-Based Approval Policy Creation & Modification (Example: ‘Manager and IT Owner Approval’)
• Via Web-Based Self Request
• Automatically via Rules Engine (Rules/Roles)
• Admin Adds/Removes Responsibility directly

From their site, users review who needs to approve each request

[Diagram labels: Employees, Contractors, Customers; Applications; Directories; Databases]

Impact on ‘Approvals’ for System Access

[Chart: Average Time in Days to Grant Systems Access; Before Oracle IDM vs. After Oracle IDM]

Key Takeaways
• Then: User access approvals took 2-3 days
• Without access, user could not begin to work
• Now: Approving User access takes 30 minutes or less and is auditable!

The decline in hours reflects increased process efficiency

The Impact of IDM!

[Chart: Annual Value Realized Due to Oracle IDM Implementation; Costs Eliminated and Cost Avoidance]
[Chart: Annual Staff Hours Recovered Through Oracle IDM; Annual Hours Recovered]
Categories shown: Back to School, Orphaned Accounts, Password Reset, Customer Access Management

Key Takeaways
• $582,492 realized annually in cost savings or cost avoidance
• More than 13,000 staff hours recovered annually
• Significant improvements in user customer service & customer satisfaction
Protect.

‘Lock Down and Protect’ Applications

Automate:
• Automate User & Responsibility Management
• Secure, Risk-Based Single Sign On
• Self Service Password Reset and Account Requests

Protect:
• Web-Based Periodic Access Review
• Preventative Segregation of Duties Controls
• Strong Access Controls and Data Protection


Strong Access Controls and Data Protection

Issue to Address
• We need fine-grained access control of application data (at the UI and database levels)
• We can’t ensure the protection of our App & database data and prove controls are working

Solution
[Diagram labels: Web Tier; Oracle Access Suite; Application (Internal); Identity Manager and GRC Controls; Oracle Database; Database Security; IdM Suite; Unix Host OS; Oracle Application Services for OS]


Protecting Oracle Applications
Top to Bottom Security

• Protect the “Front Door” and provide strong Fraud prevention using Oracle’s Access Management Suite
• Automatically add, modify and remove user accounts and entitlements using Oracle Identity Manager
• Embed Fine-Grained Access controls down to the field level using Oracle Application Access Controls Governor
• Secure sensitive data within the database with Oracle Database Security Options
• Centralize OS User management and SUDO Policies using Oracle Authentication Services for Operating Systems

[Diagram layers: Web Server; Enterprise Portals; Oracle Applications; Oracle Database; Linux/Unix]


Protecting Application Data
GRC Controls: Masking sensitive data & Restricting access to actions

Embedded preventive controls restrict access to sensitive data and critical actions proactively using native application interfaces and workflow technology

[Example form: Employee Update]
Name: John Doe
Address: 123 Main St, Center City, NY 12345
SSN: XXX-XX-XXXXX
Salary: $ 53,000.00
Supervisor: Mary Smith
[Buttons: OK, Cancel]

• Employees can only view the salary field (can’t update)
• Conceal SSN number if User is NOT from HR dept
• Disable Invoice Approval for Invoices created by same user


Protecting Oracle Applications
Database Security

• Anonymize sensitive data using Data Masking (‘Cloned’ Database, Test & Dev)
• Protect Data in Motion with Network Encryption using Advanced Security Option
• Protect Data from View and Alteration as well as Insider Threat using Database Vault
• Consolidate Database Audit data using Audit Vault
• Protect User and Sensitive Data at Rest by Encrypting Database Columns using Advanced Security Option
• Securely Backup Data To Tape with Secure Backup

[Diagram labels: Secured Production Database; Operational Database; Operational DBA; Data DBA / Manager. Example statements: Select SALARY from users; Alter system.; Alter table.. (* Example roles and privs)]

Sample production data:
LNAME   SSN           SALARY
KING    123-45-6789   $125,000
SCOTT   987-65-4321   $229,500
SMITH   345-67-8912   $ 53,700

Sample masked data (‘Cloned’ Database):
LNAME   SSN           SALARY
LJOH    111-56-9876   $125,000
TDPQQ   111-76-1234   $229,500
TNJQI   111-78-2198   $ 53,700

Sample data:
LNAME   CREDIT_CARD      EXP_DATE
KING    1234-5678-9123   04-2010
SCOTT   2345-6789-4321   09-2012
SMITH   9876-5432-1987   01-2011

‘Lock Down and Protect’ Applications

Protect:
• Web-Based Periodic Access Review
• Preventative Segregation of Duties Controls
• Strong Access Controls and Data Protection


Preventative + Detective Segregation of Duties

Issue to Address
• Segregation of Duties (SoD) within Applications is difficult to achieve even at a ‘detective’ level
• We want both Preventative & Detective SoD of Application entitlements

Solution
• Oracle Identity Manager
• Oracle Application Access Controls Governor


What is Segregation of Duties (SoD)?

• SOD refers to the separation of business activities that a single person may initiate and/or validate, in order to limit or prevent erroneous or fraudulent activities
• Business activities are enabled through the respective access points within an application
• Examples:
  • Create Invoices
  • Post Journal Entries
  • Make Payments… Etc.

[Diagram: EBS access hierarchy: Application User, Role, Responsibility, Menu, Submenu, Function, SubMenu/Function]


PeopleSoft Access & SOD Challenges

Evaluate User Access
• Test by User Profile
• Test by Page

Manage Segregation of Duties
• Identify incompatible Privileges (i.e. Pages)

[Diagram: PeopleSoft access hierarchy: User Profile, Role, Permission List, Menu, Component, Page]

IDM and GRC Working Together
SOD and Rogue Activity Detection and Remediation

[Diagram labels, GRC: Oracle Access Controls Governor; Enforce SoD Policy; Violation Detection; Analysis; Remediation and Alert]
[Diagram labels, IDENTITY MANAGEMENT: Oracle Identity Manager; Assign Entitlements; Deprovision; Task to Remediate the Violation]
[Diagram events: Account or Entitlement Added out-of-bounds; Out-of-bounds Account or Responsibility Removed; Account Responsibility Deprovisioned; Event]


‘Lock Down and Protect’ Applications

Protect:
• Web-Based Periodic Access Review
• Preventative Segregation of Duties Controls
• Strong Access Controls and Data Protection


Web-Based Periodic Access Review

Issue to Address
• “Who has” & “Who had access to what?” and “Why?” reports is manual and time consuming
• We can’t detect and eliminate orphaned/ghost accounts. There could be thousands?
• Out of all these issues, periodic access reviews are the most complex, costly & time consuming

Solution
• Oracle Identity Manager
• Option: GRC Suite


Periodic Reviews and Compliance Reporting
Complete System Right Out-of-the-Box

Oracle Identity Manager
• “Web-Based & Actionable” Periodic Access Review
• Reports – Current & Historic “Who Has Access to What?”
• Reports – “Who Approved Each Access Request?”
• Rogue Account Detection, Reporting & Removal
• Oracle BI Publisher for Compliance Reporting

[Diagram labels: Employees & Contractors; Managers; Resource Owners; Security & Auditors; Applications; Directories; Databases; Oracle Database]


Web-Based “Actionable” Access Reviews

1 Set Up Periodic Review
• What User or Responsibility Should be Reviewed?
• Who Should Review It?
• When Does It Start and How Often?

2 Reviewer Is Notified, Goes to Attestation Web Site
• Reviewer Selections: Certify, Reject, Decline, Delegate

3 Automated Action is taken based on Periodic Review
• Email Result to User
• Automatically Terminate User
• Notify the Process Owner
• Notify Delegated Reviewer

4 Results are Stored in DB
• Archive: Attested Data, Attestation Actions, Delegation Paths, Comments


22 Out-of-the-Box “Current State” Reports



13 Out-of-the-Box “Historical” Reports



Unified Compliance Reporting
Using Oracle BI Publisher

1 Pull Data from Source
2 Business User Creates/Edits Layout Using Common Office and Adobe Tools
3 Output to Desired Formats
4 Send to Destinations

Sources: Oracle Identity Mgmt, Oracle GRC Systems, Oracle Database Security Options

Oracle BI Publisher
• Pre-Built Identity Reports
• Edit/Design Reports using Office tools
• Publish Reports for Audit
• Schedule and Burst Reports

[Diagram labels, formats and destinations: PDF, RTF, HTML, Excel, XML, EDI, EFT, E-mail, Printer, Web, Fax, Office, Adobe, Web Storage]


Leverage.

Provision & Access Accounts ‘Enterprise-Wide’

[Diagram labels: Suppliers, Employees, Customers; Oracle Access Manager; Oracle Identity Manager; HR & Biz Applications; Applications; Databases & OS/Legacy; Other Sources (Flat Files, Databases, Directories); E-Mail; Portals; Physical Items]


IdM + Security Is Strategic To Oracle

• Oracle IdM is helping customers today!!
• IdM will be the core Security infrastructure for Fusion Applications
• IdM + GRC + Database Security strategy enables our customers to deploy a complete “Oracle Security Stack”
• IdM has Pre-Built, Out-of-the-Box integrations with:
  • Core Business Systems – E-Business Suite, Other ORCL & Non-ORCL
  • Data Stores – Databases, Directories, Flat Files, Etc
  • Operating Systems - UNIX/Linux, Windows, Mainframe


Oracle’s Security & Compliance Strategy

What Do The Analysts Think?



Oracle is #1 in IDM with “Big 3” Analysts!!

• Magic Quadrant for User Provisioning, 2H08
• March 2008 – VantagePoint Identity and Privacy Trends in Enterprise IT
• “The Forrester Wave™ Identity And Access Management, Q1 2008”

Oracle IDM is the “Best and Safest Choice” for Oracle customers


Case Studies

Customers Success with Oracle IDM
Benefits They Are Receiving

• PeopleSoft HR as source of truth for identity
• Eliminated > 90% of ghost, orphaned and rogue accounts
• Self-service password management reduced help desk calls

• Over $750,000 annual savings in help desk cost
• Saving $500,000 (400 hours/month) on SAP administration
• High quality IT compliance data for core SOX applications

• Over 1,000 applications under centralized management
• Comprehensive “Who has (and had) access to what” database for compliance and process automation
• “Near Zero” wait for new resources

• Embedded Application “Preventive, Detective and Contextual” Controls manage over 358 Business Processes
• 42% reduction in external auditor testing
• Less than 5 months payback period

Case Study – Cisco Systems

BUSINESS CHALLENGE
• Needed to move away from the multiple IdM silos within Cisco. Doing a complete re-architecture of current web and provisioning process due to recent acquisitions of WebEx, Linksys and Scientific Atlanta
• Cisco needed a single identity system to manage access to applications, provision users, and manage the user role and lifecycle across their various companies, business partners and employee base.

ORACLE SOLUTION
• Oracle Identity Manager Q4FY07
• Oracle Access Manager and Oracle Identity Federation - Oracle Access Manager replaces CA Siteminder Q3FY08
• Cisco is building their entire next generation Enterprise Identity and Access Management platform around the Oracle IdM stack

RESULTS
• Oracle IdM will tie the Apps to GRC, SOD & DB for compliance and reporting
• Oracle can help automate many manual provisioning tasks for ROI benefits
• Oracle can provide a strong Security Shared Services Framework for Cisco

Summary

Only Oracle Provides…

Most Comprehensive:
• End-to-End Security for Applications, Middleware and Databases!
• Industry’s #1 IdM according to Gartner, Burton and Forrester reports

Deepest Set of Capabilities:
• HR-Driven, Role-based Oracle Application user management
• Deepest Integration for Management of Users, Roles and Entitlements
• Out-of-the-Box Single Sign-On to Oracle Applications
• Self-service Home Page for requesting/removing access requests
• Out-of-the-Box, Approval workflows per user access requests

Unmatched Compliance Options:
• “Actionable”, Periodic Review of Users and fine-grained entitlements
• Preventative and Detective SoD with remediation (IDM and GRC)
• Fine-Grained Access control down to the form/field level
• Database Vault to secure sensitive application data in the database
• Current and Historical Reporting of “Who has what responsibility?”, “When did they get it?”, “How did they get it?” and “Who approved it?”




Webcast Series Dates

• Wednesday, November 19th, Noon EST / 9am PST
• Wednesday, December 3rd, Noon EST / 9am PST
• Wednesday, December 17th, Noon EST / 9am PST
• Wednesday, January 7th, Noon EST / 9am PST

Learn More

Webcast Series on “Identity for Applications”
• Visit: Click Here to Register today!

Try the Software
• Visit OTN: otn.oracle.com
  Download software, get technical information

Ask Our Experts
• Speak with the Oracle Identity Team


Questions?
