An Oracle White Paper December 2010. Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication



Similar documents
An Oracle White Paper December Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper July Introducing the Oracle Home User in Oracle Database 12c for Microsoft Windows

An Oracle White Paper December Implementing Enterprise Single Sign-On in an Identity Management System

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

An Oracle White Paper June Security and the Oracle Database Cloud Service

The Oracle Mobile Security Suite: Secure Adoption of BYOD

G Cloud 7 Pricing Document

An Oracle White Paper May Distributed Development Using Oracle Secure Global Desktop

G Cloud 7 Pricing Document

An Oracle White Paper August Oracle OpenSSO Fedlet

October Oracle Application Express Statement of Direction

An Oracle White Paper November Oracle Business Intelligence Standard Edition One 11g

THE NEW BUSINESS OF BUSINESS LEADERS. Hiring and Onboarding

March Oracle Business Intelligence Discoverer Statement of Direction

An Oracle Communications White Paper December Serialized Asset Lifecycle Management and Property Accountability

Top Ten Reasons for Deploying Oracle Virtual Networking in Your Data Center

PeopleSoft Enterprise Directory Interface

A Framework for Implementing World-Class Talent Management. The highest performing businesses are re-focusing on talent management

Driving the Business Forward with Human Capital Management. Five key points to consider before you invest

An Oracle White Paper May 2011 BETTER INSIGHTS AND ALIGNMENT WITH BUSINESS INTELLIGENCE AND SCORECARDS

An Oracle White Paper August Higher Security, Greater Access with Oracle Desktop Virtualization

Oracle Mobile Security

An Oracle White Paper September Directory Services Integration with Database Enterprise User Security

An Oracle White Paper Dec Oracle Access Management Security Token Service

An Oracle Best Practice Guide March Best Practices for Oracle RightNow Cobrowse Cloud Service

An Oracle White Paper February Oracle Data Integrator 12c Architecture Overview

Mobile-First Strategy. CIO Executive Interview

Migration Best Practices for OpenSSO 8 and SAM 7.1 deployments O R A C L E W H I T E P A P E R M A R C H 2015

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y

Driving Down the High Cost of Storage. Pillar Axiom 600

An Oracle Technical White Paper June Oracle VM Windows Paravirtual (PV) Drivers 2.0: New Features

An Oracle White Paper March Oracle s Single Server Solution for VDI

Oracle Whitepaper April Security and the Oracle Database Cloud Service

An Oracle White Paper July Oracle Linux and Oracle VM Remote Lab User Guide

2011 Customer Experience Impact Report. Getting to the Heart of the Consumer and Brand Relationship

An Oracle White Paper November Leveraging Massively Parallel Processing in an Oracle Environment for Big Data Analytics

An Oracle White Paper September Oracle WebLogic Server 12c on Microsoft Windows Azure

How To Load Data Into An Org Database Cloud Service - Multitenant Edition

Field Service Management in the Cloud

An Oracle White Paper October BI Publisher 11g Scheduling & Apache ActiveMQ as JMS Provider

The Yin and Yang of Enterprise Project Portfolio Management and Agile Software Development: Combining Creativity and Governance

June, 2015 Oracle s Siebel CRM Statement of Direction Client Platform Support

An Oracle White Paper July Oracle Desktop Virtualization Simplified Client Access for Oracle Applications

An Oracle White Paper September Oracle Database and the Oracle Database Cloud

An Oracle Technical Article November Certification with Oracle Linux 6

Oracle Knowledge Solutions for Insurance. Answers that Fuel Growth

Using Symantec NetBackup with VSS Snapshot to Perform a Backup of SAN LUNs in the Oracle ZFS Storage Appliance

An Oracle Best Practice Guide April Best Practices for Designing Contact Center Experiences with Oracle RightNow CX Cloud Service

An Oracle White Paper January Oracle Database Firewall

An Oracle White Paper December Tutor Top Ten List: Implement a Sustainable Document Management Environment

An Oracle White Paper February Oracle Revenue Management and Billing for Healthcare Payers

Managed Storage Services

Oracle s BigMachines Solutions. Cloud-Based Configuration, Pricing, and Quoting Solutions for Enterprises and Fast-Growing Midsize Companies

Improve your Customer Experience with High Quality Information

An Oracle White Paper June Creating an Oracle BI Presentation Layer from Imported Oracle OLAP Cubes

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS

An Oracle White Paper June Tackling Fraud and Error

An Oracle White Paper November Upgrade Best Practices - Using the Oracle Upgrade Factory for Siebel Customer Relationship Management

An Oracle Technical Article March Certification with Oracle Linux 7

An Oracle White Paper February Integration with Oracle Fusion Financials Cloud Service

An Oracle White Paper April, Effective Account Origination with Siebel Financial Services Customer Order Management for Banking

OpenLDAP Oracle Enterprise Gateway Integration Guide

Oracle Financial Management Analytics

The Benefits of a Unified Enterprise Content Management Platform

An Oracle White Paper June How to Install and Configure a Two-Node Cluster

Vyom SSO-Edge: Single Sign-On for BMC Remedy

An Oracle White Paper June Cutting Cost through Consolidation

An Oracle White Paper January Using Oracle's StorageTek Search Accelerator

An Oracle White Paper February B2B E-Commerce Survey: Results and Trends

Unbreakable Linux Network An Overview

An Oracle White Paper November Knowledge-Infused Customer Relationship Management: A Game-Changing Investment for Customer Support

An Oracle White Paper February Rapid Bottleneck Identification - A Better Way to do Load Testing

An Oracle White Paper December The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks

An Oracle White Paper January Oracle Database Firewall

An Oracle White Paper May Creating Custom PDF Reports with Oracle Application Express and the APEX Listener

The new Manage Requisition Approval task provides a simple and user-friendly interface for approval rules management. This task allows you to:

PROACTIVE ASSET MANAGEMENT

Connect the Contact Center to the Field with Oracle Service Cloud

An Oracle White Paper December Cloud Candidate Selection Tool: Guiding Cloud Adoption

October A New Standard for Excellence. Transforming Education and Research with Oracle Innovation

ORACLE PROJECT ANALYTICS

An Oracle White Paper March European Consumer Views of E-Commerce: A Consumer Research Study of Buying Behavior and Trends

Oracle Insurance Revenue Management and Billing for Healthcare Payers ORACLE WHITE PAPER JULY 2014

The Role of Data Integration in Public, Private, and Hybrid Clouds

Oracle SQL Developer Migration

ORACLE SALES ANALYTICS

An Oracle White Paper October Why CRM Has Failed the Customer And What to Do About It

Transcription:

An Oracle White Paper December 2010 Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication

Introduction Protecting data in the digital age is critical. A security breach, if serious enough, can cost millions of dollars and cripple an organization financially. Eliminating unauthorized access to data is a business necessity. To guard against unauthorized access, most organizations have opted for one of two distinct paths: Requiring different strong passwords changed frequently to access applications and systems, thereby forcing users to remember multiple complex passwords Requiring users to authenticate to the network using a form of strong authentication, such as tokens, smartcards, or biometrics Either approach can benefit from an enterprise single sign-on (ESSO) solution. ESSO eliminates the need for end users to remember and manage application passwords without compromising the security of passwords or password selection. ESSO enables organizations to extend the value of their strong user authentication to the application level without requiring any significant development efforts. When deployed properly, ESSO produces a rapid return on investment by reducing passwordmanagement costs while boosting data security and user productivity. This white paper outlines the value of implementing Oracle Enterprise Single Sign-On Suite Plus in conjunction with, to extend the value of, or to lay the foundation for a strong authentication deployment. 1

Enterprise Single Sign-On Defined ESSO means users need only one password for access to all applications and systems. With it, users can access the corporate network at the start of their workday and immediately have access to all necessary password-protected applications. Eliminating the need to remember multiple passwords enhances security because users do not have to write down their passwords or use easy-to-guess passwords, both of which expose applications to unauthorized users. The Cost of Password Management Remembering and managing multiple usernames and passwords can be frustrating, and that s problematic enough, but this frustration also has significant financial implications. Increased Help Desk Costs As the number of applications and systems that users need to access increases, so does the number of passwords they must remember and manage. This causes frustration among users who forget their passwords and drives up help desk costs with requests for resets. According to the Gartner Group, up to 40 percent of all help desk calls are password reset requests, at an average cost of US$25 per call. Each year, companies spend as much as US$300 per user trying to manage passwords. For organizations with thousands of employees, this can cost millions of dollars. Lost Productivity Forgotten passwords hurt employee productivity. Time spent resetting passwords or waiting for help desk return calls leads to idle users locked out of applications or intranet sites that they need to access to do their jobs. A user might find upon arriving to work that she cannot log on to a critical application to complete a report for a meeting, and a sales representative on a call with a customer might suddenly find he cannot access information for the customer. As a result, help desks spend at least half their time handling password resets while other problems are relegated to lower importance. Weakened Security Multiple passwords are a constant end user irritant, but they can also have serious security consequences. Unable to remember distinct passwords for all systems, corporate end users resort to unsafe practices, such as writing passwords on sticky notes or in their smartphones. Ultimately, end user password management is a growing enterprise security risk because end users Select poor or obvious passwords Use the same password for all systems Never change their passwords Frequently share their passwords with colleagues 2

Compliance-Related Costs As organizations seek to deploy projects that enable them to comply with government legislation or security practices, unfortunately all of these costs can escalate. For example, a hospital that seeks to meet the requirements of the Health Insurance Portability and Accountability Act by mandating that each nurse have a unique login for each application will see frustrated nurses and a spike in help desk costs due to forgotten passwords. Similar situations occur with organizations seeking to deploy enterprise identity management initiatives as part of the Sarbanes-Oxley Act compliance process. To help eliminate these costs without compromising security, organizations have attempted to implement strong authentication and ESSO solutions. Single Sign-On History Single sign-on (SSO) can provide a quick return on investment because it requires virtually no integration with a network s existing applications or infrastructure. But this has not always been the case. Earlier versions of SSO were server-based offerings requiring end users to authenticate to a central server after logging on to their workstations. These products required connectors or agents to be deployed to all internally hosted applications, which was costly and essentially rendered deployments unachievable. As a result, SSO projects were abandoned during evaluation or pilots. Some made it as far as deployment, but were abandoned shortly thereafter. More-recent solutions using extensive scripting offered hope, but they produced similar results as their host-based predecessors. That legacy of failure changed with Oracle Enterprise Single Sign-On Suite Plus, which leverages an innovative event-driven approach to extend the benefits of ESSO to virtually any application, be it Microsoft Windows, UNIX, mainframe, telnet, Java, or Web-enabled without modifying the application. Oracle Enterprise Single Sign-On Suite Plus has emerged as the ESSO standard, bridging the first password, that which is used for network logon, to other applications and authentication methods. Rapid Time to Value Oracle Enterprise Single Sign-On Suite Plus delivers rapid time to value by not requiring Modification to target systems or applications Dedicated infrastructure Modification to the current end user experience In addition, Oracle Enterprise Single Sign-On Suite Plus can help organizations use ESSO to pave the way for stronger authentication or extend the benefit of strong user authentication to virtually any application. 3

Integration Oracle Enterprise Single Sign-On Suite Plus and Strong Authentication As previously discussed, ESSO solves the password management problem. That in itself is a considerable accomplishment because it helps eliminate help desk costs and productivity loss. And this could lead organizations to conclude that once they dispose of this problem, then they have achieved optimal data protection. That could be so in some cases, but organizations increasingly find they need strong authentication for at least some of their most sensitive applications or even all access. Strong Authentication Strong authentication provides identity verification by requiring an enhanced form of user authentication to unlock network accounts, virtual private network accounts, and even applications. It is important to understand what constitutes strong authentication. Many organizations immediately jump to tokens, smartcards, or biometrics when adopting strong authentication, but often these forms of two-factor authentication are more than necessary. With ESSO, users have one password, typically their Windows logon. They need authentication only once to gain access to enterprise applications. With users having to remember only one password, it is perfectly reasonable for organizations to enforce strict password policies on that single password. To that point, it is imperative that organizations understand that a strong password policy as their primary method of user authentication can be strong authentication a very economical form of strong authentication. Oracle Enterprise Single Sign-On Suite Plus includes a user self-service Windows password reset solution called Oracle Password Reset. This solution enables users who forget their Windows password to reset it from the Windows login without help desk involvement. Oracle Password Reset can help enforce a strong password policy without increasing help desk costs. Strong Two-Factor Authentication Two-factor authentication, such as biometrics, tokens, and smartcards, combine two forms of identity verification, for example, a personal identification number or password used with a smartcard or token. These types of authentication are requirements for organizations in various industries, from some government agencies to healthcare providers to financial institutions. Today, most organizations considering two-factor authentication projects focus on user authentication for applications that involve high-risk, high-value transactions. This is primarily because integrating two-factor authentication is a costly, and often complex, process. To address this issue, Oracle Enterprise Single Sign-On Suite Plus includes the Oracle Universal Authentication Manager solution, which can help securely bridge any form of user authentication and any application, without requiring any integration at the application level. Oracle Universal Authentication Manager also supports multiple authenticators, such as the Windows logon, when the advanced authenticator is not available or working. The solution grades the authentication and restricts 4

or allows access based on the authentication level. This is a significant benefit that can help organizations either to use ESSO to pave the way for a strong authentication deployment or extend the benefit of strong user authentication to virtually any application. Leveraging Enterprise Single Sign-On to Pave the Way for Two-Factor Authentication ESSO paves the way for two-factor authentication. Typically, two-factor authentication focuses on user authentication, but true return on investment and security benefits happen at the application level. Oracle Enterprise Single Sign-On Suite Plus delivers secure access to applications, enabling strict authorization policies to be enforced that require complex passwords and frequent changes to those passwords. This means Oracle Enterprise Single Sign-On Suite Plus delivers strong user authentication to the network itself and to all enterprise applications. Extending the Value of Two-Factor Authentication with Enterprise Single Sign-On With ESSO in place, organizations can further justify their investments in two-factor authentication. Without it, the costs of integrating all applications to accept two-factor integration would be exorbitant, and the commitment in time would be enormous. Strong user authentication with weak application authentication is a poor solution. But adding ESSO changes this Oracle Enterprise Single Sign-On Suite Plus delivers a quick return on investment. Conclusion Oracle Enterprise Single Sign-On Suite Plus has simplified the deployment of ESSO for organizations. Furthermore, integrating Oracle Enterprise Single Sign-On Suite Plus with strong authentication enables organizations to either extend the value of two-factor user authentication to applications or pave the way for a strong two-factor user authentication process. The benefits are significant. Organizations that deploy this solution can more-effectively protect enterprise data with enhanced security while reducing help desk costs, improving user satisfaction, and enhancing compliance capabilities. 5

Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication December 2010 Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright 2005, 2010, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 0410