Oracle Identity Management 11g R2: Securing The New Digital Experience
Kenneth Hee, Director, Business Development, Security & Identity Management
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Copyright 2011, Oracle and/or its affiliates. All right
The New Digital Experience: Anywhere, Anytime, any Device
- 90% of companies provide mobile apps by 2014
- 62% of companies will use social networking to connect with customers
Identity Management at the Center: Complete, Open, Integrated
[Diagram: Web, Social, Mobile; Business Process Management, Service Integration, Development Tools, User Engagement, Content Management, Data Integration, Identity Management & Security, Cloud Application Foundation, Business Intelligence, Enterprise Management]
Enabling the Interaction, Securing the Experience
11gR2 Themes and Drivers: Simplify and Innovate
- Simplified Experience
- Modernized Platform
- Cloud, Mobile and Social
- Extreme Scale
- Clear Upgrade Path
- Faster Deployment
- Lower TCO
New Identity Platform Convergence: Simple to Adopt, Simple to Deploy
- Identity Governance: Lifecycle Management & 360 visibility; Regular & Privileged identities
- Access Management: Complete access control & SSO; Fraud Detection; Converged Policy Administration & Control
- Directory Services: LDAP, Virtualization & Meta-directory; Unified Administration & Management
Re-designed Access Request: Shopping Cart Simplicity
- Role & Entitlement Catalog
- Browse & Select
- Add to Cart
- Receipt Confirmation
- Simplified Search
- Tracking & Visibility
Common UI Framework: One Platform, Unlimited Potential
Privileged Account Management: With Great Power Comes Great Risks
- 76% Data Stolen From Servers
- 86% Hacking Involve Stolen Credentials
- 48% Caused by Insiders
- 17% Involved Privilege Misuse
[Diagram: Root Access; Databases, Directory Servers, Unix Servers]
- Privileged accounts are a key entry point for fraud
- Difficult to monitor shared accounts across multiple administrators
- Excessive access privileges are the number one attack vector against databases
Privileged Account Management: Complete Lifecycle Management of High Risk Accounts
- Password Vault
- Account Lifecycle
- Policy Control
- Check-in / Check-out
- Audit Logging
Outcomes: Reduce Risk, Improve Compliance
Managing Privileged Accounts: A Platform Approach
- Single Workflow
- Single Connector Set
- Single Attestation
User Check-Out Password Screen
Mobile & Social Sign-on: REST, Single Sign-on, OAuth, Step-up Auth
Mobile Security is Beyond Device Management
- 46% of organizations that allow BYOD reported experiencing a data or security breach (Source: Trend Micro Survey, Feb 2012)
- 50% of helpdesks struggle to keep up with mobile apps support (Source: Mobility Revolution Redux, March 2012)
- 58% building corporate app stores (Source: Partnerpedia Survey, Aug 2011)
MOBILE SECURITY STARTS FROM INSIDE
Mobile Application Security
Example Login Flow: Native App with OAM
Participants: Client App (Mobile), Security App (Mobile), Mobile and Social Server (Server)
1. Request Access Token
5. Use token to make calls to server application protected by OAM
Oracle SDK: If valid token in local credential store, return token to App, else continue below.
Steps 2, 3 and 4:
- Present login page
- Accept username/password
- Extracts device attributes and ID contexts
- Makes authentication call with user/password, device attributes and device tokens
- Stores User/Access Token
- Validates device tokens
- Registers Device/App if unregistered
- Authenticates with OAM Server
- Publishes ID context to OAM Server and OES for authorization decisions
- Invokes OAAM for risk analysis
- Responds User/Access Tokens
- Returns token to Client App
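The login flow on this slide, as an added Python simulation that is not from the original deck and is not Oracle SDK code. The class and function names, the HMAC-signed token format, the 300-second lifetime and the split of steps between Security App and server are assumptions; the OAAM risk analysis and ID-context publishing steps are not modelled.

```python
import hashlib, hmac, secrets, time

KEY = secrets.token_bytes(32)            # constructed signing key (stand-in for OAM)
USERS = {"alice": "correct horse"}       # constructed user store

def _sign(body):
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

class Server:
    """Hypothetical stand-in for the Mobile and Social Server."""
    def __init__(self):
        self.devices, self.auth_calls = {}, 0

    def authenticate(self, user, password, device_id, device_token):
        self.auth_calls += 1
        known = self.devices.get(device_id)
        if known is None:                # register device/app if unregistered
            known = self.devices[device_id] = secrets.token_hex(16)
        elif not hmac.compare_digest(known, device_token or ""):
            raise PermissionError("device token rejected")
        if user not in USERS or not hmac.compare_digest(USERS[user], password):
            raise PermissionError("bad credentials")
        expiry = int(time.time()) + 300
        body = f"{user}|{device_id}|{expiry}"
        return {"token": f"{body}|{_sign(body)}", "expiry": expiry, "device_token": known}

class SecurityApp:
    """Hypothetical stand-in for the on-device Security App."""
    def __init__(self, server, device_id):
        self.server, self.device_id = server, device_id
        self.store, self.device_token = {}, None   # local credential store

    def get_token(self, user, ask_password, now=None):
        now = time.time() if now is None else now
        cached = self.store.get(user)
        if cached and cached["expiry"] > now:      # valid cached token: no server call
            return cached["token"]
        resp = self.server.authenticate(user, ask_password(), self.device_id, self.device_token)
        self.device_token = resp["device_token"]
        self.store[user] = resp                    # store user/access token
        return resp["token"]                       # return token to client app

def verify(token, now=None):
    """Step 5, resource side: check signature, then expiry; return user or None."""
    body, _, sig = token.rpartition("|")
    if not hmac.compare_digest(sig, _sign(body)):
        return None
    user, _device, expiry = body.split("|")
    return user if int(expiry) > (time.time() if now is None else now) else None
```

The password prompt is passed in as a callable so that a cached, unexpired token never triggers it, which is the short-circuit the slide attributes to the SDK.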
Social Sign-on: Select, Login, Authorize
Visibility & Control
Access Management: Context and Risk Aware
Real-time context collection, propagation for risk analysis, authentication and authorization
1. Collect Attributes
2. Publish, Propagate & Evaluate attributes across Oracle's Fusion Middleware stack
[Diagram: Enterprise / Work, Social / Life, Mobile / Presence; Device Tier, Web Tier, Application Tier, Service Tier; Smartphone, Tablet, Laptop, Server; Web SSO, Identity Federation, Risk / Adaptive Authentication; Application, Portal, Container, EJBs; Web Services, SOA, Service Bus; Context; OES Authorization; Databases, Directories]
Access Management Highlights: Interoperability & Cohesion
- Federation
- Web Access Control
- Enterprise Sign-on
- Fraud Detection
- Token Services
- External Authorization
- SOA Security
Integrated, Standards Based
Operational Scale: Economies of Scale & Faster Performance
DIRECTORY SERVICES
- Unified Directory: 3x Read, 5x Write
- Optimized System: Unified Directory, 3x Performance, 1/6 Cost, Oracle SPARC T4
ACCESS MANAGEMENT
- 250M Users
- 3K Auth/Second
- Two Servers at 5250 TPS
Taking a Platform Approach: Building on Components of Fusion Middleware
[Diagram: User Interface, Customization, Performance; Fusion Middleware]
Identity Management Portfolio 11gR2: Modern, Innovative & Integrated
- Governance: Password Reset; Privileged Accounts; Access Request; Roles Based Provisioning; Role Mining; Attestation; Separation of Duties
- Access: Web Single Sign-on; Federation; Mobile, Social & Cloud; External Authorization; SOA Security; Integrated ESSO; Token Services; Fraud Detection
- Directory: LDAP Storage; Virtual Directory; Meta Directory
- Platform Security Services
Upgrading: Gain a Platform Advantage
- Complete & Modern
- End to End Compliance
- Lower TCO
What Customers Are Saying: Platform is an Advantage
- "Compliance is one of our biggest worries, and managing privileged accounts is a top priority."
- "We are really impressed with the platform approach; it matches our long term strategy to shift to more of a self service model for IDM."
- "We really like the user interface and the ability to integrate with OIM for approval workflows."
- "We have been considering buying a point product, but we prefer OPAM because of all the built in integration."
How Customers Are Applying R2: Platform is an advantage
- Increase quality of service for customers
- Reduce risk with fraud detection service
- Improve operational scale
- Single identity for customers
- Composite identity for drivers and cards
- Connecting cars, drivers, social & mobile
White Papers, Datasheets
- facebook.com/oracleidm
- blogs.oracle.com/oracleidm
- twitter.com/oracleidm