Oracle Identity And Access Management
Ed King, Senior Director, Product Management
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remain at the sole discretion of Oracle.
Agenda
- Introduction
- Problem statements
- Value propositions
- Products and partnerships
- Industry validations
- Product strategy and roadmap
- Service oriented security
- Customer case studies
Oracle's IdM Business
Oracle Database Security: 30 Years of Innovation
Timeline runs from 1977 (government customer) to 2007. Milestones, most recent first as listed on the slide:
- Oracle Audit Vault
- Oracle Database Vault
- DB Security Evaluation #19
- Transparent Data Encryption
- EM Configuration Scanning
- Fine Grained Auditing (9i)
- Secure application roles
- Client Identifier / Identity propagation
- Oracle Label Security (2000)
- Proxy authentication
- Enterprise User Security
- Global roles
- Virtual Private Database (8i)
- Database Encryption API
- Strong authentication (PKI, Kerberos, RADIUS)
- Native Network Encryption (Oracle7)
- Database Auditing
Oracle Identity Management: Commitment to Leadership & Innovation
Timeline 1999 to 2008 in three phases: Build, Lead, Innovate. Milestones, most recent first as listed on the slide:
- Identity Governance Framework
- Id. Assurance Partner Alliance
- Oracle Access Management Suite
- Acquisition of BEA (OES)
- Acquisition of Bharosa (OAAM)
- Acquisition of Bridgestream (ORM)
- Market Leader in Forrester's IAM Wave
- Oracle IdM Eco-system
- Oracle eSSO
- Leader in Gartner's UP & WAM Magic Quadrant
- Oracle Identity and Access Management Suite
- Identity Audit and Compliance offering
- Acquisition of OctetString (OVD)
- Acquisition of Thor (OIM)
- Acquisition of Oblix (OAM, OIF & OWSM)
- Acquisition of Phaos (Federation and WS technologies)
- Oracle Internet Directory
Oracle IdM Key Success Factors
- Acquire best-of-breed products and talents: Phaos, Oblix, Thor, OctetString, Bharosa, Bridgestream. Each company had strong technical and management talents.
- Retain and invest: still have > 90% retention rate of acquired employees; acquired employees hold key mgmt. and technical positions; team size grew organically by > 100% post 2005 acquisitions.
- Customer focus: focus on low TCO architecture, on customer success, and on long-term customer partnership.
IdM Is Strategic To Oracle
- IdM is key security infrastructure for Fusion
- IdM is a key component of the GRC strategy
- Oracle has invested in 6 acquisitions in IdM since 2005
- Oracle has invested heavily in organic growth: > 350 developers, > 35 product managers, > 80 QA, > 90 support
Identity Management Innovation
- Integrated identity and role management: 1st suite vendor to acquire and integrate business policies into an enterprise class identity management solution
- Integrated access management and anti-fraud solution: 1st suite vendor to offer a comprehensive software solution that thwarts the entire range of web threats
- Identity virtualization for applications: 1st suite vendor to provide a solution to unify identity data without consolidating, and re-use identity data without copying
- Comprehensive application audit framework: 1st to integrate audit with provisioning for policy review
- Identity Governance Framework: comprehensive CARML/AAPML-based application development
- Hot-pluggable by design
Key Oracle Differentiators
- Complete suite of best-of-breed products
- Proven for large scale deployments
- Best long-term investment
Problem Statements
5 Questions to ask your Chief Information Security Officer

Q: How do you control access to your sensitive applications?
a. Usernames and passwords
b. Contextual authentication and authorization
c. Hardware token

Q: What determines your employee's access?
a. Give Alice whatever Wally has
b. Based on her business roles
c. Whatever her manager says

Q: Who is the most privileged user in your enterprise?
a. Security administrator
b. CFO
c. The 3-peat summer intern who is now working for your competitor

Q: How secure is your identity data?
a. It is in 18 different secured stores
b. We protect the admin passwords
c. Privacy? We don't hold credit card numbers

Q: How much are manual compliance controls costing your organization?
a. Nothing, no new headcount
b. Don't ask
c. Don't know
Today's IT Challenges
- More Compliant Business: increasing regulatory demands; increasing privacy concerns; business viability concerns
- More Agile Business: more accessibility for employees, customers and partners; higher level of B2B integrations; faster reaction to changing requirements
- More Secured Business: organized crime; identity theft; intellectual property theft; constant global threats
State Of Security In Enterprise
- Incomplete: multiple point solutions from many vendors; disparate technologies that don't work together
- Complex: repeated point-to-point integrations; mostly manual operations
- Non-compliant: difficult to enforce a consistent set of policies; difficult to measure compliance with those policies
- Business-unfriendly: solutions are technology-centric rather than user-centric; processes are not end-user friendly
Enterprise Applications Today
Diagram actors: Admins, Customers & Partners, Business Users
- Mix of custom, legacy & packaged applications
- Siloed and disjointed security
- Numerous identity stores and policy administration points
- Too many users with privileged access
- Highly evolving and regulated business environment
Next Generation Security Challenges
- Auditors & Regulators
- Identity Thieves
- Rogue Employees
- Privileged Users

Next Generation Security Solutions (each paired with the challenge it addresses)
- Compliant Provisioning: Auditors & Regulators
- Fraud Prevention: Identity Thieves
- Entitlement Management: Rogue Employees
- Data-Center Security: Privileged Users
Sustainable Compliance
- Attestation of user access is a manual process
- User access does not match their jobs
- Segregation of duties policies are not enforced
Identity Theft & External Fraud
- Enterprise brand is often used in phishing attacks
- Stolen identities and credit cards are used to pay for on-line purchases
- Consumers hesitate to embrace on-line self service due to fear of identity theft
Data Privacy & Internal Fraud
- No fine grained control of data visibility and transaction level access
- Inappropriate or fraudulent use of enterprise IT assets and information services
- Difficult to prove compliance with data privacy and consumer rights regulations
Data Center Security
- Administration of users in hundreds of DBs is not scalable
- DBAs can see all data, violating data privacy mandates
- Integration of identity infrastructure takes 12 months or longer after an acquisition
IT's Role in Building Corporate Trust: The Need for IT Governance
- Strategy: the majority of 400 directors surveyed recognize that the right IT strategy is very important for Compliance (69%), Customer Satisfaction (66%) and Managing Risk (57%). Source: Corporate Board Member / Deloitte Consulting, March 2007
- Security: the Ponemon Institute finds that 70% of all reported security breaches were due to insiders. When a company announces a security breach, its stock price can drop by 2%. Source: Ponemon Institute, 2005
- Control: Gartner warns that "More than 80 per cent of IT groups may be incapable of satisfying many of the laws and regulations, such as HIPAA and 21 CFR Part 11, that require change-related audit trails and accountability over material configuration items." Source: Gartner, 2005
It's A Risky Business
- Société Générale: 10 billion in trading losses due to unauthorized trades. A trader executed unauthorized trades with 75 billion of exposure and attempted to cover up his losses using fake accounts and emails. When the bank discovered the fraud it had to unwind the position in 3 days, resulting in 10 billion in losses and triggering a worldwide market sell-off. Source: Fortune, May 2008
- TJ Maxx: $17 million remediation cost for 45 million stolen credit card numbers. A breach of TJ Maxx's IT systems led to the loss of 45 million credit and debit card numbers over a period of 18 months. Estimated total revenue impact from negative press coverage was $4.5 billion. Source: Information Week, May 2007
- Citi Group: 3.9 million customer records lost. Mass theft of debit card PINs resulted in several hundred fraudulent cash withdrawals in Canada, Russia, and the U.K. This followed the loss of unencrypted tapes containing information on 3.9M customers. Source: InformationWeek, March 2006
- Mellon Bank: $18.1 million fine for failure to prevent fraudulent data destruction. For a violation of the Fair Debt Collection Practices Act, in which employees destroyed 80,000 unprocessed Federal tax returns and tax return checks in an attempt to conceal failure to meet IRS processing deadlines, Mellon paid a fine of $18.1 million and closed its tax processing center. Source: Unbossed.com, April 27, 2005
Guaranteed Bad Press In Public Sector: Breach Notification Is Mandated By Law
- 38 states now have some form of breach notification law, like California Senate Bill 1386
- Law mandates public disclosure if a security breach is found in any public institution: direct mail to all affected people, or notification of major statewide media
- Cost of generating letters can range from $2-$12 per person
Liability For PCI DSS Non-Compliance: PCI Data Security Standard Is Now Law
- States are adopting PCI DSS into state laws
- Estimated cost is $1 million per breach instance
- Law mandates non-compliant banks to cover the cost of notification and remediation in case of breach
- Law mandates non-compliant businesses to reimburse the card issuing bank for the cost of notification and remediation in case of breach
Value Propositions
Identity Management Values
- Trusted and reliable security
- Efficient regulatory compliance
- Lower administrative and development costs
- Enable online business networks
- Better end-user experience
How Can Identity Management Help? Establish Enterprise Identity & Roles
- Consolidate or virtualize multiple, complex identity environments into a single enterprise identity source
- Automate linkage of employee records with user accounts
- Establish enterprise roles for automation, compliance and business continuity
- Eliminate rogue and orphaned accounts
How Can Identity Management Help? Enforce Strong And Granular Security Policies
- Enforce strong password policies via synchronization or single sign-on (SSO)
- Implement strong authentication and risk based authorization for critical apps and web services
- Enforce minimal access rights based on roles, attributes, and requests
- Leverage federation technologies for cross-domain SSO
How Can Identity Management Help? Automate Security Related Processes
- Reduce administration cost and improve service level with delegated administration & self-service
- Implement scalable and dynamic approval workflows leveraging dynamic enterprise role and organization data
- Automate detection of fraudulent activities based on policies
- Role and attribute driven provisioning of applications with exact access levels
How Can Identity Management Help? Define Audit And Control Framework
- Implement automated attestation for entitlements, roles, policies, workflows
- Implement exception driven process automation
- Implement segregation of duties around roles and entitlements
- Implement automations and controls for management of privileged users
How Can Identity Management Help? Deploy A Scalable Integration Architecture
- Define an enterprise-wide integration standard
- Leverage all integrations through a single interface / application
- Heavily leverage open standards to protect IT investments
- Maximize out-of-the-box integrations across technology stacks: applications, middleware, database and operating systems
How Can Identity Management Help? Security And Control For Enterprise Applications
Diagram: Procure-To-Pay process spanning Issue PO (ERP), Accept Shipment (SCM) and Issue Payment (Financials)
- Automate user management, manage entitlements, enforce segregation of duties
- Link HR employee data to user accounts
- Integrate applications to enterprise directories and portals
- Enforce an appropriate and granular level of access control based on the application and data being accessed
How Can Identity Management Help? Manageability and Security For Databases
- Externalize and centralize authentication and authorization of database users, with optional strong authentication
- Centrally manage database users and database roles
- Implement strong control over DBA access
- Automate security management of shared accounts
How Can Identity Management Help? Compliance & Fraud Mgmt. For Financial Services
- Manage who has access to what, when, how and why for SOX, FFIEC, GLBA and PCI compliance
- Automate termination and job transfer processes for tight security
- Detect and remediate fraudulent activities from both outside and inside threats
- Enforce segregation of duties and Chinese Wall regulatory mandates
How Can Identity Management Help? Scalable Security And Administration For Retail
- Manage scalable lifecycle management for a highly dynamic and seasonal workforce
- Improve access security for shared terminals such as POS and warehouse terminals
- Enforce segregation of duties across heterogeneous systems such as receiving and payment
- Enable federated access for supply chain partners
How Can Identity Management Help? Scalable Infrastructure For Telecommunication
- Deploy a telco-grade identity store and unify user profiles from networks and applications in real time
- Enable scalable identity administration and account provisioning for a very large user base and dynamic call center operations
- Deploy self-service and self-registration to reduce customer administration cost
- Enable federated access, SSO, mutual authentication and fraud prevention for customer and dealer portals
How Can Identity Management Help? Guarantee Patient Privacy For Healthcare
- Deploy secured storage and control processes to guard patient data privacy
- Deploy audit and control mechanisms to ensure cost effective compliance with HIPAA
- Implement access control to ensure the security of shared workstations, with single sign-on and sign-off
- Enable self-service and automated application provisioning for mobile healthcare workers
How Can Identity Management Help? Flexible, Risk Based Security for Life Sciences
- Enable secure internal and external collaboration for the development and marketing of life science products
- Improve risk management by requiring the proper level of authentication based on the criticality of the application
- Enable self-service and automated application provisioning for clinical investigators
- Enable secured handling and storage of clinical trial patient data
How Can Identity Management Help? Scalable Security And Administration For Higher Ed.
- Deploy self-registration and self-service to reduce help desk cost and improve service level
- Manage the rich role information for a highly dynamic user base with multiple affiliations
- Implement on-boarding and off-boarding automation to deal with activity levels driven by the academic calendar
- Deploy a secured identity repository to ensure user privacy and HIPAA compliance
How Can Identity Management Help? Enable Service Delivery For Local Government
- Provide secured access for residents to government services via strong authentication, risk based authorization & safeguarding of identity data
- Enable cost efficient compliance for HIPAA, PCI, etc.
- Streamline management of a large & distributed user base via self-service & delegated admin.
- Simplify identity & security integration across dispersed agencies, districts and departments
Products & Partnerships
Oracle's Identity Management Suite
- Identity Admin.: Role Manager, Identity Manager
- Access Management, Identity Management 2.0: Adaptive Access Manager, Entitlements Server, Web Services Manager
- Access Management, Core Platform: Access Manager, Identity Federation, Enterprise Single Sign-On
- Directory Services: Virtual Directory, Internet Directory, Authentication Service for OS
- Audit & Compliance: Identity Management Suite
- Manageability: Enterprise Manager IdM Pack
Oracle's Comprehensive IdM Solutions
- Identity Admin.: role management, role mining, relationship management, identity lifecycle, organization lifecycle, provisioning & reconciliation, password management
- Access Management, Identity Management 2.0: strong authentication, risk based authorization, fine grained entitlements, Web Services security
- Access Management, Core Platform: authentication, authorization, single sign-on, federation
- Directory Services: identity virtualization, LDAP storage, LDAP synchronization, OS authentication
- Audit & Compliance: audit, reporting, analytics, fraud, attestation, segregation of duties
- Manageability: service level, performance, configuration, automation
Oracle's Identity Management Suite (alternate layout)
- Identity Admin.: Identity Manager, Role Manager
- Access Management: Access Manager, Adaptive Access Manager, Enterprise Single Sign-On, Identity Federation, Entitlements Server, Web Services Manager, Authentication Service for OS
- Directory Services: Internet Directory, Virtual Directory
- Audit & Compliance: Identity Management Suite
- Manageability: Enterprise Manager IdM Pack
Oracle's Comprehensive IdM Solutions (alternate layout)
- Identity Admin.: identity lifecycle, role management & mining, organization management, provisioning, reconciliation, password management
- Access Management: strong authentication, risk based authorization, single sign-on, federation, fine grained entitlements, Web Services security, operating systems security
- Directory Services: storage, virtualization, synchronization
- Audit & Compliance: audit, reporting, analytics, fraud, attestation, segregation of duties
- Manageability: service level, configuration, performance, automation
Access Control & Single Sign-On
- Single sign-on with federation, for internal and external users
- Directory synchronization
- Personalization
Products: Oracle Access Manager, Oracle Identity Federation, Oracle eSSO Suite, Oracle Internet Directory
Diagram labels: HRMS, Contractor AD, LDAP directory, Customer, Internal User
Self-Service
- Self-service and self-registration
- Delegated administration
- Password reset
- For internal and external users
Product: Oracle Identity Manager
Diagram labels: HRMS, LDAP, Contractor AD, Approver, Customer, Internal User
Provisioning
Diagram labels: Device, DB, Mainframe, Approver, Customer, Internal User
Compliant Role Based Provisioning
Diagram labels: Mainframe, DB, Attester, Role Management
Identity Theft Protection (Oracle Adaptive Access Manager)
- Secure Mutual Authentication: mutual authentication, knowledge based authentication, key-logger-proof devices
- Device & Geo-location Forensics: fraud analytics, transaction monitoring, device & location tracking, behavior profiling
Diagram labels: New Purchase, Account Management
Fine Grained Data & Transaction Control
- Fine grained contextual control
- Leverage roles, relationship, attributes, 3rd party, session, transaction & historical data
Products: Oracle Role Manager (user roles), Oracle Entitlements Server (customer data)
Diagram labels: Business Partner, Customer A, Customer B, Country A Customer Support, Country B Customer Support, Employee / Account Manager, User, Customer Data
Scalable, Secured & Agile Infrastructure
- Centralized management of DBAs
- Integration with Active Directory
- SoD for privileged DBA access
Products: Oracle Virtual Directory, Enterprise User Security, DB Vault
Diagram labels: LDAP, AD, DBAs, HR, Finance DBA, App A, Finance, App B, CRM, CRM DBA
Oracle's Comprehensive IdM Solutions
- End Users: Strong Authentication, Risk Based Authorization, Federation, Self-Service
- Administrator: Identity Admin, Account Admin, Organization Admin, Role Management, Delegated Admin
- Info. Sec, Auditor: Reporting & Analytics, Attestation, Segregation of Duties, Fraud Detection
- Oracle Identity Management & Security Platform: Provisioning, Reconciliation, Password Mgmt., WS Security, LDAP Virtualization, LDAP Storage, LDAP Synchronization, DB User Security, Java Platform Security, Authentication For Operating Systems
- Managed resources: Business Apps, HR, Directories, DB, App Server, OS
Identity Admin.: Lifecycle Management (Provisioning, Role Management, Self-Service)
- Identity & Role Lifecycle Management at the center, fed by HRMS identity reconciliation
- Delegated Administration, Identity Audit, Password Sync., Self-Service, Self-Registration
- Account Provisioning and Account Reconciliation against Applications (CRM), Infrastructure (LDAP, DB)
Access Management: Run-Time (Authentication, Authorization, SSO, Federation)
- User Authentication, Session Management, Authorization, Web SSO, eSSO, Federation & Trust
- Web Service Policy Management, Fraud Monitoring, Risk Profiling, Access Audit
- Protected targets: Web Applications, Legacy Applications, Partner Applications & Web Services
Directory Services: Infrastructure (Identity Virtualization And Consolidation)
- Sources: HRMS, Applications (CRM), Internal LDAP, External LDAP
- Virtual Schema 1 through Virtual Schema N, exposed to applications
- Schema Aggregation, Schema Transformation, Schema Mapping, Data Synchronization
- Aggregated Schema in a Meta Directory
Oracle Access Manager
- Policy Enforcement Points (PEP): WebGates and AccessGates in front of Applications, which send authentication & authorization requests and receive authentication & authorization decisions
- OAM Access Server: Policy Decision Engine
- OAM Identity Server: Identity & Group Lifecycle Management; used by Delegated Admin and End User
- Policy Manager
- LDAP Store: User Data, Policy Data, Configuration Data
Oracle Web Services Manager
- Policy Enforcement Points (PEP): Client-Side Agents option, Gateway option, Server-Side Agents option (last-mile security)
- Clients: J2SE, J2EE, .NET
- Web Services Endpoints: J2EE, .NET
- OWSM Server and Admin Console: Policy Management, Monitoring
Oracle Identity Federation
- Protocols: SAML 1.1, SAML 2.0, WS-Fed
- Functions: Identity Provider discovery, AuthN & SSO, account mapping, certificate configuration, integration APIs
- Connects to: Applications, Portals, Affiliates, service partners, trade partners, IDM infrastructures
- Backing stores: Identity Stores, Policy Stores, Cert Stores
Oracle Entitlements Server
- Centralized policy management and distribution from the OES PAP
- Localized policy decisions and enforcement by an OES PDP co-located with each App, each emitting Audit records
- Leverage existing identity stores (LDAP) and enterprise data for entitlements decisions
- Protect any system or business component across heterogeneous platforms
Oracle Adaptive Access Manager
- Context inputs: User, Device, Location, Transaction, 3rd Party Apps/Data, Historical Data, ARM context, ASA context
- Current vs. historical cross comparisons across user, device, location, transaction and 3rd party data
Oracle Enterprise Security
- Identity And Access Management: User Management, Directory Management, Access Management, Platform Security, Identity Audit
- Governance Risk Compliance: Application Security, Policy & Process Management, Enterprise Control, Compliance Analysis & Reporting
- Data Security: Multi-level Access Control, Information Rights, Encryption, DBA Security, Monitoring & Alert
- Operating System Security: Authentication Service, User Management, Audit Automation
Complete Application Security
- Access Management: account provisioning, segregation of duties, entitlement attestation, strong authentication, risk based authorization, federation & WS security
- Process Control - Configuration: master data security, code security, change management
- Application Native Security
- Data Security: DBA access, data classification, info. rights management, encryption at rest & in transit, secured backup
- Process Control - Transaction: internal controls violation, high-risk transactions, fraudulent transactions
Oracle Security Products For Apps
- Access Management: Access Manager, Adaptive Access Manager, Identity Federation, Application Access Controls Governor, Identity Manager, Role Manager, Web Services Manager
- Process Control - Configuration: Configuration Controls Governor, Preventive Controls Governor
- Application Native Security
- Data Security: Database Vault & Audit Vault, Label Security, Enterprise User Security, Transparent Data Encryption, Secured Backup, Information Rights Mgmt.
- Process Control - Transaction: Transaction Controls Governor
Identity Management For Oracle Apps
Matrix of products against integration status (legend: Out-of-The-Box Connectors, Certified Interoperability):
- In progress: OAM, OAAM, OIF, OES
- Listed: eSSO, OIM, ORM, OID, OVD, OWSM
IdM And Data Security
- Enterprise User Security (EUS): OVD enables EUS to run on Active Directory, SunOne, and OID; OIM further enables centralized DB user admin via EUS; ORM IT role management extends EUS role management
- Database Vault: OIM provisions standard DB users plus DB Vault privileges; DB Vault is used to protect DBA access to sensitive IdM data
- Transparent Data Encryption (TDE): TDE encrypts data transparently for OID, OIM and ORM
Complete Enterprise Control
- GRC Process Management: Policy Repository, Evidence Management, Control Testing, Risk & Compliance Reporting
- GRC Application Controls: Controls Monitoring & Enforcement, Best Practice Controls & Policies, Privilege Level SOD, Contextual SOD, Authorization
- Identity Management: User On-Boarding, Lifecycle Mgmt., Account Provisioning & Remediation, Access & Role Attestation, Authentication, Authorization, SSO
- Business Applications: Apps, Systems & Data Repositories
Closed-Loop SOD: Access Provisioning
- Identity Management side: User/Org Lifecycle Event, Access Request & Approval, Preventive Validation & Enforcement plus Provisioning Workflow, Access Remediation
- GRC Application Controls side: SOD Policy Simulation, Detective SOD Analysis of Provisioned User Access, Exceptions Report, Design & Deploy Compensating Controls
- Detective findings feed back into access remediation, closing the loop
Closed-Loop SOD: Role Based Access
- Identity Management side: Role & Rule Mining, Role Design & Mapping, Role Assignment & Admin, Provisioning Workflow, Preventive Validation & Enforcement, Role Remediation
- GRC Application Controls side: SOD Policy Simulation, Detective SOD Analysis of Provisioned Role & User Access, Exceptions Report, Design & Deploy Compensating Controls
- Role Design Feedback and detective findings flow back into role remediation, closing the loop
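The two closed-loop slides above describe the same control pattern from two angles: a preventive SoD check that simulates the access state before provisioning, a detective scan over what is already provisioned, an exceptions report, and compensating controls for conflicts that have been accepted. The following is an added illustration of that loop in Python; it is not Oracle code, and the policy identifiers (SOD-001 etc.), role names, users and compensating controls are constructed sample data.

```python
"""Closed-loop segregation-of-duties (SoD) checks, as an added illustration:
preventive validation of an access request before provisioning, a detective
scan of already-provisioned access, and a remediation plan derived from the
exceptions report. All policies, roles and users below are constructed samples."""
from dataclasses import dataclass

# Constructed sample SoD policies (hypothetical IDs): sets of entitlements that one
# person must not hold together. A policy is violated only when the user holds
# every entitlement in the set.
SOD_POLICIES = {
    "SOD-001": frozenset({"ERP:IssuePO", "ERP:ApproveInvoice"}),
    "SOD-002": frozenset({"ERP:IssuePO", "ERP:AcceptShipment"}),
    "SOD-003": frozenset({"DB:DBA", "HR:ViewSalary"}),
}

# Constructed sample business roles and the entitlements each one grants.
ROLES = {
    "Buyer": {"ERP:IssuePO"},
    "AP Clerk": {"ERP:ApproveInvoice"},
    "Receiver": {"ERP:AcceptShipment"},
    "Finance DBA": {"DB:DBA"},
    "HR Analyst": {"HR:ViewSalary"},
}

# Constructed sample exceptions: conflicts that were accepted because a
# compensating control is in place. Keyed by (user, policy id).
COMPENSATING_CONTROLS = {
    ("dave", "SOD-002"): "Weekly three-way match review by procurement manager",
}


@dataclass(frozen=True)
class Violation:
    user: str
    policy_id: str
    entitlements: frozenset
    stage: str            # "preventive" (before provisioning) or "detective" (after)
    mitigated: bool = False


def entitlements_for(roles):
    """Flatten a user's roles into the set of entitlements they grant."""
    granted = set()
    for role in roles:
        granted |= ROLES[role]
    return granted


def evaluate(user, roles, stage):
    """Return the SoD violations a user holding these roles has or would have."""
    granted = entitlements_for(roles)
    found = []
    for policy_id, conflict in SOD_POLICIES.items():
        if conflict <= granted:
            mitigated = (user, policy_id) in COMPENSATING_CONTROLS
            found.append(Violation(user, policy_id, conflict, stage, mitigated))
    return found


def preventive_check(user, current_roles, requested_roles):
    """SOD policy simulation: evaluate the state the user would be in after the
    request is provisioned, and block the request if any conflict lacks a
    compensating control. Returns (approved, violations)."""
    simulated = set(current_roles) | set(requested_roles)
    violations = evaluate(user, simulated, "preventive")
    blocking = [v for v in violations if not v.mitigated]
    return (not blocking, violations)


def detective_scan(assignments):
    """Detective SoD analysis over provisioned assignments (user -> roles).
    Returns the exceptions report keyed by user; mitigated findings are kept
    so the report still shows which compensating controls are being relied on."""
    report = {}
    for user, roles in assignments.items():
        violations = evaluate(user, roles, "detective")
        if violations:
            report[user] = violations
    return report


def remediation_plan(assignments, report):
    """For each unmitigated detective finding, list the roles the user actually
    holds that contribute to the conflict; removing any one of them clears it."""
    plan = {}
    for user, violations in report.items():
        for v in violations:
            if v.mitigated:
                continue
            contributing = sorted(r for r in assignments[user] if ROLES[r] & v.entitlements)
            plan.setdefault(user, {})[v.policy_id] = contributing
    return plan


if __name__ == "__main__":
    approved, found = preventive_check("alice", ["Buyer"], ["AP Clerk"])
    print("alice request approved:", approved, [v.policy_id for v in found])
    provisioned = {"bob": ["Buyer", "Receiver"], "carol": ["HR Analyst"], "dave": ["Buyer", "Receiver"]}
    report = detective_scan(provisioned)
    print("exceptions:", {u: [(v.policy_id, v.mitigated) for v in vs] for u, vs in report.items()})
    print("remediation:", remediation_plan(provisioned, report))
```

The preventive and detective paths share one `evaluate` function so that both stages judge the same policy set; a common failure in real deployments is a preventive check that runs against a stale copy of the policies and then disagrees with the auditor's detective report.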
Partners: ISV Ecosystem
- Strong Authentication
- Network Access
- Industries
- Compliance
- Physical Access
- Identity Assurance
Partners: System Integrators
- Global Full Service Partners
- Regional And Boutique Partners
Industry Validation
Leader in Magic Quadrants
"Oracle assumes the No. 1 position" - Earl Perkins, Perry Carpenter, Aug. 15 2008 (Research G00159740)
- User Provisioning, H2 2008
- Web Access Management, H2 2008
Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Most Comprehensive IdM Suite (updated with latest acquisitions)
Source: Identity And Access Management Marketplace, Gartner Symposium/ITxpo, Ant Allen, ESC19_1049, 11/07, AE
Strongest Vendor According To The Burton Group
- "Oracle is currently the IdM vendor to beat" - VantagePoint 2007: Identity and Privacy Trends in Enterprise IT
- "Oracle continues to increase in mindshare while broadening its IdM portfolio." - VantagePoint 2008: Identity and Privacy Trends in Enterprise IT
Provisioning Market Report 2009
- "Oracle is currently leading the provisioning market"
- "IBM and Sun have both lost market share to Oracle"
Source: Provisioning Market 2009 report
Market Leader According To Forrester
- "Oracle has established itself as Leader." - The Forrester Wave: Identity And Access Management, Q1 2008
- "Oracle reached the top of our evaluation through a combination of the breadth, depth, interoperability, and packaging of its IAM features alongside the strategy and current state of market execution on its application-centric identity vision." - The Forrester Wave: Identity And Access Management, Q1 2008
IdM Hype Cycle 2008
GRC + Security Product Space
Chart axes: Strength of GRC Solution vs. Strength of IdM Solution
Best of Breed Proof Points: Independent Product Evaluations & Awards
- "...very powerful flexible account provisioning"
- OVD: 2007 Global Excellence in Directory Services Award
- "...strong platform for defining and enforcing policies" - WSJ
- "Quickly, easily, securely... connect via Single sign-on"
- "Brings Management Simplicity to Web Services" - eWeek, on OWSM
- "Simple to the core... easy to use"
Product Strategy & Roadmap
Oracle's Identity Management Strategy
Lifecycle: Develop, Deploy, Operate, on an Identity Services Framework over FMW technologies
- Complete solution: integrated suite of best-of-breed components, each component individually deployable
- Application centric: integrated with business applications, integrated into the application life cycle
- Hot-pluggable: standards-based, works across leading platforms
Heterogeneous Support
"Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments." - Ray Wagner, Gartner, October 2006
Supported platform categories: Portals, Application / Web Servers, Applications, Groupware, Directories, Operating Systems, ACF-2 & TSS, RACF & IOS/400
Standards Support
- Contribute and lead: SSTC (SAML Working Group) - Co-Chair; Liberty Alliance - President, Board Member; WSS, WS-SX (Web Services Security), JCP - Author; SPML - Author; XACML - Voting member
- Implement: accelerate product development; simplify product integration & minimize TCO
- Innovate: enable the Identity Governance Framework (CARML, AAPML); standards for end-to-end security
Looking Ahead
- Oracle will broaden its security product portfolio: security is not just another line of business for Oracle; security is strategic to Oracle's entire product portfolio; emerging areas include entitlement management, fraud, privacy, governance, risk management, etc.
- From security silos to built-in security: built into enterprise applications, middleware, DB, OS; Identity Services Framework
- Project Fusion: a single security model across the Enterprise Applications Suite, enforced uniformly at all parts of the technology infrastructure, across the entire life-cycle from development to maintenance
Identity Services Framework
- Consumers: Fusion Apps, Other Fusion Products, 3rd Party Apps, Custom Apps (each exposing Business Functions); Legacy Applications (not identity service ready)
- Identity Services: User Management, Authentication, Authorization, Federation
- Service Interfaces: WS-*, SPML, SAML, XACML, IGF
- Legacy Interfaces: Connectors, Agents
- Enterprise Identity Management Infrastructure: Authentication, Provisioning, Identity Provider, Audit, Authorization, Administration, Role Provider, Federation & Trust, Policy & Orchestration, Virtualization & User Store
Service Oriented Security
Application Security (Used to Be)
Applications A, B and C each with siloed authentication, siloed authorization, a siloed identity repository and siloed administration
Challenges
- Non-uniform policies at different granularities
- Non-uniform user experience
- Credential proliferation
- High administration cost
Today's Identity Management
Shared services layered in front of Applications A, B and C: Strong-Auth, Single Sign-On, Federation, Provisioning, Audit & Compliance, Risk Analytics
Identity Management 1.0 Challenges
- Integration cost is high
- Additional infrastructure components to maintain
- Cannot completely make up for poor application security
- Authorization model is still mixed
A Paradigm Change is Happening: Service Oriented Security
- Externalized authorization policies
- Abstraction of deployment details from applications
- Integration of security with IDEs
- Roles, context, trust
- Hot-pluggable functions
Support For Application Life Cycle
Development, Design, Packaging, Deployment, Runtime, Integration, Management & Administration
Start Building A Service Platform
- Authentication Service: Oracle Access Manager, Oracle Adaptive Access Manager
- Authorization Service: Oracle Role Manager, Oracle Entitlements Server
- Identity, Profile Service: Oracle Identity Manager, Oracle Virtual Directory
Customer Case Studies
Oracle IdM's Customer Focus
- Customer Advisory Board: collaboration with strategic customers on product roadmap and technology directions
- Security Executive Forum: C-level executives help to validate Oracle's strategy and drive future investments
  - Past attendees: Bank of America, British Telecom, Franklin Templeton, JP Morgan Chase, Network Appliance, Royal Bank of Scotland, The Hartford, T-Mobile, Toyota, Wachovia
- Best post-sale support in the industry
  - Product management sponsorship to ensure every deployment and every upgrade is a success
  - Strong track record of customer upgrade success
Customer Advisory Board Share, Communicate, Partner
Identity Management Customers (by industry): Financial Services; Transportation & Services; Manufacturing & Technology; Telecommunication; Public Sector; Retail. Oracle Confidential
Unparalleled Strength In Financial Services
Customers Using Oracle IdM With SAP
Award Winning Scalable Solutions
- OAM, OVD, OID: 34 million users managed on aarp.com
- OIM, ORM: 1,200 applications under management
- OIM, ORM: 17,000 managed roles
- OAM, OIM: 4.5 million users provisioned from kpn.com
IdM Platform Customers
- OAM, OIM: 80,000 internal users; 1.8 million partners, suppliers and customers
- OAM, OIM: provisioning SAP, E-Business Suite and Siebel
- OAM, OIM, OID: 9 million retail customers using self-registration & self-service
Compliant Provisioning Customers
- OIM, ORM: enterprise-wide business role management
- OIM, ORM, OAM: access provisioning and attestation
- OIM, OAACG: fine-grained provisioning of E-Business Suite
Fraud Prevention Customers
- OAAM: fraud analysis of on-line, ATM, and in-branch transaction data
- OAAM: integrated identity proofing services for credit card sign-up kiosks in department stores
- OAAM: prevent identity theft from resume database
Fine Grained Authorization Customers
- OES: standardized access control across risk management systems
- OES: fine-grained access control for B2B financial services portal
- OES: fine-grained access control for pharmaceutical service provider portal
Data Center Security Customers
- OVD, OID, OAM: integrated legacy back-end systems into a new social networking portal
- OVD, OID, OAM, OIM: created a centralized identity hub across AD, ADAM, EBS HR and other applications
- OVD, EUS: leveraged OVD to centralize DB user administration and authentication to existing AD
Case Study: Lehman Bro. / Barclays
GLB & SOX Compliance
Business Challenges
- No official record of who has access to what to meet compliance requirements
- No reliable access DB and process for terminating access when an employee leaves the firm
Oracle Solution
- Implemented OIM as enterprise identity management platform
- Enabled self-service account management for employees and managers
- Deployed enterprise-wide integration methodology and on-boarding, job change, and termination processes
Return On Investment
- > 1,000 applications under centralized management
- Comprehensive "who has access to what" database for compliance and process automation
- Prompt termination of access for all departing employees
- Reduced wait for new resources
Case Study: Accenture
SAP Management & Self Service
Business Challenges
- High % of help desk resources handling password reset
- Hardware token management was a manual and expensive process
- SAP access management was not locked down and attestation of SAP access was based on email and Excel
Oracle Solution
- Implemented OIM as enterprise identity management platform
- Deployed self-service for password management and token lifecycle management
- Automated provisioning process for SAP, including reconciliation of employee records from SAP HR
Return On Investment
- > $750,000 annual savings in help desk cost
- Eliminated need for a standalone RSA token management solution
- 10 fewer SAP administrators at an annual saving of $500,000
- High quality IT compliance data for core SOX applications: SAP
Case Study: Toyota Financial Services
Oracle Apps Management & Enhanced Security
Business Challenges
- Up to one month to provide all required access for new employees and employees changing jobs
- Lack of consistent control resulted in a large number of orphaned and rogue accounts
- HR data was of poor quality and could not be used as source of truth
Oracle Solution
- Implemented OIM as enterprise identity management platform, replacing failed CA solution
- Cleaned up HR data in PeopleSoft using a "claim your identity" process
- Automated provisioning to core business and IT applications: PeopleSoft, Siebel, RACF, AD, etc.
Return On Investment
- Clean HR data in PeopleSoft is now source of truth for identity
- Eliminated > 90% of ghost employee, orphaned and rogue accounts
- Guaranteed service level for access provisioning
- Reduced help desk calls through self-service password management
Case Study: Royal Bank of Scotland
Standardized Access Control For A Global Enterprise
Business Challenges
- Access management for a globally distributed, multi-brand, 140,000+ workforce was manual, distributed, and non-standardized
- No single reliable source for who has access to what
- Poor identity and role data to enable automation
Oracle Solution
- Implemented OIM and ORM as enterprise identity management platform
- Implemented automated provisioning and continuous reconciliation to secure critical infrastructure applications
- Replaced legacy role management system and added delegated admin and workflow capabilities
Return On Investment
- Lower cost and improved speed of meeting compliance and internal audit mandates
- 100% reduction in unauthorized privileges, 90% reduction in exceptions and 90% reduction in roles and groups
- Standardized and removed duplicate processes and systems
Case Study: Charles Schwab
Cost Effective Compliance For A Distributed Workforce
Business Challenges
- Non-scalable manual process to track 6,000+ mobile retail workers' access in 300+ branches
- Homegrown attestation tool not scalable and too expensive to maintain
- Need to better control access to a heterogeneous environment including PeopleSoft and TopSecret
Oracle Solution
- Implemented OAM, OIM and ORM as enterprise identity management platform
- Delegated admin of branch hierarchy and location-specific roles
- Fully automated provisioning process for critical SOX applications, using PeopleSoft as trusted identity source
Return On Investment
- Lower admin cost while providing more accurate organization, role and identity data
- Consistent access control across modern and legacy (mainframe) applications
- Consolidated access and role data to simplify audit reporting and attestation
Case Study: Southwest Airlines
Seamless B2B Integration & Low TCO
Business Challenges
- When mechanics cannot access Boeing's maintenance portal, airplanes sit idle at $15,000 per hour
- Boeing was incurring administration and help desk cost for managing SWA mechanics' access to the maintenance portal
Oracle Solution
- Implemented OAM and OIF as enterprise access management and federation platform
- 1st airline to implement a SAML-based federation solution
- OAM protects the intranet and provides self-service password management
- 6-week deployment
Return On Investment
- Saved administration cost of $30 per employee, per month
- Improved on-time performance and higher airplane utilization
- Less administration and help desk cost for partner Boeing
Case Study: General Motors
Lower Operational Costs & Centralized Access Control
Business Challenges
- High administration cost associated with a large user base
- User base includes multiple tiers of suppliers and dealers
- System access issues caused delays in supply chain collaboration
Oracle Solution
- Implemented OAM and OIF as access control for dealer and supplier portals
- Enabled 6 levels of delegated administration for the supplier portal
- Enabled attribute-level security for delegated administrators
- Integrated with legacy access management system: IBM Tivoli
Return On Investment
- Saved administration cost by delegating administration to partners
- Improved supply chain portal accessibility and supply chain performance
- Centralized policy management ensures consistent security across all partners
Case Study: National City
Fighting Internet Fraud & FFIEC Compliance
Business Challenges
- Rising level and sophistication of internet fraud: phishing, key logging, pharming, etc.
- FFIEC compliance requirement
Oracle Solution
- Implemented OAAM to protect National City's on-line banking site
- Provides mutual authentication against phishing
- Provides real-time fraud detection against suspicious behaviors
- Integrated with legacy access management system: CA SiteMinder
Return On Investment
- Increased consumer confidence without sacrificing usability
- Decreased liability for National City and discouraged fraud attempts
- Increased ability to deliver new services in a secured manner
Case Study: JPMorgan Chase
Leveraging Entitlements Across the Business Units
Business Challenges
- Frequent M&A activities make it difficult to standardize access control across inherited systems and personnel moves
- Must protect confidential information and provide proof of the protection in a scalable manner
- Security architecture must be transparent, flexible, and efficient
Oracle Solution
- Implemented OES to provide a common platform for authorizations that stretch across multiple business lines and organizations
- Business users maintain entitlements for application users by region and industry
Return On Investment
- Protecting hundreds of applications simultaneously in a cost-effective manner
- Policy changes are enforced instantaneously without synchronization and migration errors
Case Study: AARP
Fast & Simple Deployment & Integration
Business Challenges
- Member portal evolving from static to social networking
- Member data needs to be maintained in multiple backend systems
- Core user information stored in a mainframe DB, reachable only via a proprietary Web Service
Oracle Solution
- Implemented OVD, OID and OAM to secure AARP.com for over 30 million members
- OVD exposes the mainframe Web Service as LDAP
- OAM manages the self-registration process
- OID provides the authentication service
Return On Investment
- Rapidly and cost-effectively deployed new services without wholesale replacement of legacy technologies
- Achieved data integration into multiple systems without incurring the cost of a dedicated synchronization service
- Provides a flexible security infrastructure to enable new business/service models
Case Study: Chick-fil-A
Simplify Application Deployment & Identity Integration
Business Challenges
- Applications need access to fine-grained authorization data
- Employee data spread across multiple data sources
- Difficult to deploy any new applications as a result
Oracle Solution
- Implemented OVD to provide an LDAP interface to internal permission systems
- OVD connects to AD, ADAM, ebiz HR, permission DB, and location DB
- OVD provides authentication- and authorization-related search capabilities
Return On Investment
- Rapidly and cost-effectively deployed new services
- Reduced number of repositories
- Reduced the need for new provisioning connectors
Case Study: The Hartford
Next Generation Business Enablement Technology
Business Challenges
- Need to access industry-specific, web-based applications to process quotes across multiple carriers
- Need to provide real-time quotes to independent agents using a variety of homegrown and vendor solutions
- Need technology that can co-exist with other corporate security environments and support multiple message transport protocols
Oracle Solution
- Secure WS-based quote-management environment using OWSM
- Flexible solution that integrates with existing SOA and 3rd-party hardware-based security solutions
- Solution that provides both WS security and management using centralized policy administration
Return On Investment
- Protects investment in existing multi-vendor and home-grown platforms
- Improved productivity and reduced risk associated with administration of security policy
- Security enforcement environment that can be rapidly deployed with no additional coding
Case Study: Kabel Deutschland
SOA Security Integration
Business Challenges
- Oracle BPEL is used by Kabel Deutschland to implement a flexible architecture to support the services offered by the company
- The Oracle BPEL Process Manager deployment required additional security and operations management
Oracle Solution
- OWSM provides tight integration with Oracle BPEL Process Manager
- Access to BPEL processes is protected by Oracle WSM agents, on both the client and server sides
- Authentication is extended to individual users, and requests can be routed to the right service
Return On Investment
- Cost reduction by eliminating the need to hard-code security for each web service
- Allows the customer to eliminate VPN from the service architecture
- Security is improved by extending authentication from service level to user level
For More Information
- search.oracle.com (search for "Identity management")
- oracle.com