<Insert Picture Here> Key New Capabilities Complete, Open, Integrated Oracle Analytics 11g: Intelligence and Governance Paola Marino Principal Sales Consultant, Management
Agenda Drivers Oracle Analytics overview and demo: Attestation Process Audit Policy Role Governance Compliance Dashboard Oracle Differentiators Phased approach Customers profiles
Business Requirements for IT Security Managing Security & Risk Increasing Business Value Sustaining Compliance
Oracle Management Comprehensive and Best-of-Breed Administration Manager Access Management * Access Manager Adaptive Access Manager Enterprise Single Sign-On Entitlements Server Federation Information Rights Management Web Services Manager & Access Governance Analytics Oracle Platform Security Services Directory Services Directory Server EE Internet Directory Virtual Directory Operational Manageability Management Pack For Management *Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet
What Are We Hearing? IT Ops & Security Business Managers Compliance Manage access control across the enterprise Assess and control security risk Understand and attest to user access IT Risk and Business Productivity goals don t align Without automation, compliance is complex, error-prone, inconsistent Need to enforce and demonstrate compliance rapidly Control IT, Security, Compliance Costs
Achieving Compliance A common theme behind compliance involves identification and management of user access rights What resource(s) does a user have an account on? Does the user require an account on that system? What are the user's capabilities on that resource? Who authorized or created the user's account? Does the user's presence violate any business or security policies? How do companies determine this information today?
Oracle Analytics 11g Data Sources Oracle Manager Oracle Access Manager Compliance Command Console Access Certification IT Audit Policy Monitoring Role Governance Compliance Command Console Actionable Dashboards, Business Reports & Comprehensive Analytics Accelerated and Sustainable Compliance Automation Access Certification, IT Audit Policy Monitoring, Closed-loop Remediation Intelligent Role Governance Change Management, Attestation, Consolidation & Audit, Role Mining Rich Optimized for Analysis, Mining, Correlation, Reporting on, Access and Policy Data
Central Repository Users, Roles, Orgs, Entitlements Business glossaries, Classifications Data ownership, Entitlement hierarchies Applications Entitlements, Account types/status Policies Attestation Approvals Optimized for complex analyses & simulations Historical & audit snapshots Support for direct imports from applications, OOB integration for Manager
Data Architecture Optimized for Complex Analyses & Simulations Historical & Audit Snapshots Business Organization Hierarchies Entitlement Hierarchies Business & IT Roles Data Elements Users, Roles, Entitlements, Applications & Policy Violations Business Friendly Entitlement Glossaries Risk Based Data Classification Privileged Entitlement Monitoring Data Ownership Data Population Out of Box ETL from Oracle Manager & Oracle Waveset Support for Direct Imports from Applications Consistent Schema for all Import Types
Demo: Data Browsing (Organizations and Users Data) Hierarchical Business Structures Accounts with nth level attributes
Access Certification Certification Data User Attributes Role Memberships Role Based Entitlement Grants Exception Entitlement Grants Role Definition Role Entitlement Mapping Scheduling Periodic Scheduling Event Based Attestation for On-Boarding, Transfers & Termination Reminders & Escalations Spreadsheet Exports 360 Degree View Business Glossary Audit Exceptions Historical Data Approval Data Attestation Dashboards for Compliance Officers Closed Loop Remediation with OIM Integration
Access Certification Flow 1 Set Up Periodic Review 2 Reviewer Is Notified Goes to Self Service 3 Automated Action is taken based on Periodic Review 4 Report Built And Results Stored in DB Reviewer Selections What Is Reviewed? Certify Email Result to User Reject Automatically Terminate User Who Reviews It? Decline Notify the Process Owner Archive Delegate Notify Delegated Reviewer Attested Data Attestation Actions Start When? How Often? Comments Delegation Paths
Demo: Access Certification (Employment verification, Roles and Entitlements Attestation, Certify / Revoke) 360 Degree View Of User Access Certify/Revoke Options
IT Audit Policy Monitoring Violation Detection and Alert Event Analysis Audit Trail Assign Remediation IT Audit Policies Across Entitlements & Roles Within Application or Cross- Applications Preventative & Detective Remediation for SoD conflicts Role and Audit Exceptions
Demo: Audit Policy Definition Complex Audit Rule Conditions Enterprise wide Rule Objects
Demo: Audit Policy Violations Comprehensive Audit Violation Information Policy Violation Remedation Actions
IT Audit Policy Monitoring Closed-Loop Remediation Oracle Analytics Oracle Manager Attestation Remediation Configuration Roles, Accounts & Resource Entitlements Exported to OIM for De-Provisioning Provisioning/ De-Provisioning Workflow Revocation Tracking (closing the loop) Account & Resource Entitlement Data Imported to OIA Revocation of Resources & Roles (automated and/or manual) Complete De-Provisioning Audit Trail Comprehensive Audit Trail
Role Lifecycle Management Role Definition Role Modeling Role Mining Top-Down Approach Bottom-Up Approach Role Governance Role Audit, Analytics Change Mgmt Role Audit Analytics Role Change Approvals Role Versioning & Offline Copies Rollbacks Role Change Impact Analysis Role Entitlement Mapping History Role Membership History Approvals History Role Ownership History Role Definition Attestation Role Membership Attestation Role Consolidation Role Mining
Role Engineering Intelligent Role Discovery Engine Comprehensive Role Discovery using Hybrid Approach: Bottom Up (User Entitlements) Top Down (User HR Attributes) Flexible User Population Selection Review Mining Results in a centralized Dashboard with mining statistics, intelligent Analytics and graphical Representations Role Entitlement Discovery to mine new applications based on existing roles Role Mining Mining Data Resources Identities Entitlements Existing Roles Discover Patterns Suggested Roles
Demo: Role Mining, Versioning, History Role Versioning Complete Role History & Audit Trail
Compliance Command Console Presentation of Data in Business-Friendly Format Actionable Dashboards Reliable risk analysis Compliance Metrics Monitoring Reports like Top N-lists Comprehensive crossreferenced presentable data Enable complete identity Governance Advanced analytics Historical Trend Analysis Remediation Tracking 50+ out of box reports
Oracle Differentiators Product Leadership Scalable Architecture Part of industry-leading IAM Solution Set Executive Commitment, Strong Vision, Tremendous R&D and Global Support
Phased approach to Oracle Analytics Consolidate & Correlate Entitlements Automate -based Controls Define Enterprise Roles Assign Access via Roles Support Business Decisions Access Certification & Audit Policy Role Mgmt & Governance Integration with Provisioning Reports, Dashboards & Analytics Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
Oracle Analytics Customers
Deployment Profiles Citi 200k Users, 2M Entitlements Capital One 55K attestations AMEX 250K Users, 24M Entitlements, 5M Accounts, 6.5M Glossary Definitions United Airlines 100 K Users Thrivent Financial Integrated with OIM for application management DirectTV M+ Entitlements Blue Cross Blue Shield of Louisiana SoD across AD & Mainframe
Oracle IdM Customer Advisory Board (July 13-15, 2010) Confidential